Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: SophosLabs Released Free Tool to Validate Microsoft Shortcut - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
SophosLabs Released Free Tool to Validate Microsoft Shortcut

SophosLabs has just released a free tool that provides detection against the Windows shortcut exploit that we published last week here and here. Sophos has indicated it works with any antivirus software and it works with Windows XP/Vista/7 but not 2000. When Windows tries to display an icon with a shortcut, the tool will intercept the request in order to validate it and give back control to the user if not found to be malicious.

SophosLabs has made a video available on what is the exploit and how the tool works here and the tool is available for downloaded here.


Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org


522 Posts
ISC Handler
Jul 26th 2010
German notes that there's a similar tool from G-Data ( which according to them works better.

13 Posts
G-Data tool silently protects against remote _and_ local LNK "attacks".
One caveat though: reboot is needed after installation (Sophos tool doesn't).
1 Posts

Sign Up for Free or Log In to start participating in the conversation!