« Weekly Security News – July 29, 2010 | Main | Weekly Security News – August 5, 2010 »


About This Blog

The Content Security Research Team's Mission: Deliver security research and intelligence that educates, supports and strengthens the security community, and drives innovation in our eSafe solutions.

Follow Us on Twitter

08/03/2010

LNK vulnerability patch solves "the next big thing"?

Microsoft released a patch that solves the new LNK vulnerability: Microsoft Announcement.

We recommend installing this patch to ensure you are protected from the vulnerability.

Discovery of the new LNK vulnerability a few weeks ago created a lot of hype. All the security industry web sites were abuzz with talk about the new vulnerability, discovered by the Belorussian AV company VirusBlokADA.

The first incident of the vulnerability downloaded a Trojan targeting SCADA control systems, used to control power plants. Thereafter, other Trojans (e.g. Zeus) used the vulnerability to propagate themselves, causing experts in the content security field to start talking about “the next big thing".

Is it, or was it, really the next big thing? I don't think so. It reminds me of the "Swine Flu" scare we had last year. Everybody was talking about it, and how it was going to be the new smallpox epidemic. In the end, although there were many incidents of the virus, it certainly didn’t reach epidemic proportions…

This is the same case. Many organizations raised a flag that a new virus is on the rampage; people got scared, new security solutions were bought, and many individuals and organizations made a nice profit from it. But, is it really that bad? Well, no. Many users were infected with the new vulnerability, but not more than other vulnerabilities. Furthermore, there was a time gap between the discovery and the release of the patch.

This is not the end, though. Vulnerabilities will continue to be discovered in the future, and companies will once again talk about “the next big thing", but I think we need to keep everything in proportion. Although we should be on guard 24/7, we should also be more responsible, as security specialists, before frightening the public.

Comments (0)

Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.