CPLINK
   HOME

TheInfoList



Click Here for Items Related To - CPLINK
OR:
CPLINK on:   [Wikipedia]   [Google]   [Amazon]

CPLINK and Win32/CplLnk.A are names for a Microsoft Windows shortcut icon
vulnerability Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally." The understanding of social and environmental vulnerability, as a methodological approach, involves ...
discovered in June 2010 and patched on 2 August that affected all Windows operating systems. The vulnerability is exploitable when any Windows application that displays shortcut icons, such as
Windows Explorer File Explorer, previously known as Windows Explorer, is a file manager application and default desktop environment that is included with releases of the Microsoft Windows operating system from Windows 95 onwards. It provides a graphical user i ...
, browses to a folder containing a malicious shortcut. The exploit can be triggered without any user interaction, regardless where the shortcut file is located. In June 2010, VirusBlokAda reported detection of
zero-day attack A zero-day (also known as a 0-day) is a vulnerability or security hole in a computer system unknown to its developers or anyone capable of mitigating it. Until the vulnerability is remedied, threat actors can exploit it in a zero-day exploit, or z ...
malware called
Stuxnet Stuxnet is a Malware, malicious computer worm first uncovered on June 17, 2010, and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsibl ...
that exploited the vulnerability to install a
rootkit A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed (for example, to an unauthorized user) and often masks its existence or the exist ...
that snooped
Siemens Siemens AG ( ) is a German multinational technology conglomerate. It is focused on industrial automation, building automation, rail transport and health technology. Siemens is the largest engineering company in Europe, and holds the positi ...
'
SCADA SCADA (an acronym for supervisory control and data acquisition) is a control system architecture comprising computers, networked data communications and graphical user interfaces for high-level supervision of machines and processes. It also cove ...
systems
WinCC SIMATIC WinCC is a supervisory control and data acquisition (SCADA) and human-machine interface (HMI) system from Siemens. SCADA systems are used to monitor and control physical processes involved in industry and infrastructure on a large scal ...
and PCS 7. According to
Symantec Symantec may refer to: * Gen Digital, an American consumer software company formerly known as Symantec * Symantec Security, a brand of enterprise security software purchased by Broadcom Broadcom Inc. is an American multinational corporation, ...
it is the first worm designed to reprogram industrial systems and not only to spy on them.


References

{{Reflist


External links


Microsoft Security Advisory (2286198)
concerning the Windows vulnerability exploited by CPLINK.
Infoworld article
Is Stuxnet the 'best' malware ever? Injection exploits Malware