Detect and Remove Malicious Shortcuts with Shortcut Scanner
Phrozen Software™ has researched two ways of exploiting Microsoft Windows shortcuts. One has already been used by hackers in phishing campaigns. The second was recently discovered by our Security Researcher, and we wrote two articles about the subject to alert the IT world about them (see here and here). These articles were received very positively and were circulated widely on social media networks, including Twitter. Immediately after the release of these articles, we saw a significant increase in the use and spread of malicious applications that exploited Microsoft Windows shortcuts.
Because we suspect that Microsoft will not apply a fix for this weakness in the near future, Phrozen Software™ has created the Shortcut Scanner utility to detect and remove these malicious shortcuts. Shortcut Scanner works like a regular antivirus scanner by scanning all attached storage media (fixed and removable hard drives) and evaluating all existing shortcuts.
Shortcut Scanner determines if a shortcut is broken, suspicious, or dangerous. Broken shortcuts point to a non-existing location and are not usually harmful, but can and should be removed. Suspicious shortcuts contain arguments that could be calling suspicious applications or parameters. They need to be evaluated carefully before removal.
Dangerous shortcuts are those that trigger more than one of the following flags:
- The target application points to a command prompt (e.g., Terminal, PowerShell, or Ubuntu Bash)
- The shortcut contains dangerous keywords often used to create malicious shortcuts
- The shortcut command line exceeds the Microsoft Windows limit of 260 characters (MAX_PATH)
- The shortcut file size is above 4kB
- The shortcut contains arguments, plus one of the flags above
You should seriously consider removing any shortcuts flagged as ‘dangerous.’ The more flags that are triggered during the scan, the more dangerous the shortcut could be.
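The flag logic above can be sketched against the raw bytes of a .lnk file. This is an added illustration, not Shortcut Scanner's code. The shell and keyword lists, the reading of "command line" as target plus arguments, and the grading below "dangerous" are assumptions, and `build_lnk` only constructs minimal sample input.

```python
import struct

# Assumed lists: the page does not publish Shortcut Scanner's own lists.
SHELLS = ("cmd.exe", "powershell.exe", "bash.exe", "wt.exe")
KEYWORDS = ("-enc", "downloadstring", "bitsadmin", "certutil", "mshta")
MAX_PATH, MAX_SIZE = 260, 4096  # thresholds stated on the page

def parse_lnk(data):
    """Return (target, arguments) from the bytes of a Shell Link (.lnk) file."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 20)[0]  # LinkFlags
    pos, target, strings = 76, "", {}
    if flags & 0x01:  # HasLinkTargetIDList: skip the ID list
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & 0x02:  # HasLinkInfo: LocalBasePath holds the target path
        size, _, info_flags, _, base_off = struct.unpack_from("<5I", data, pos)
        if info_flags & 0x01:
            start = pos + base_off
            target = data[start:data.index(b"\0", start)].decode("cp1252", "replace")
        pos += size
    width, enc = (2, "utf-16-le") if flags & 0x80 else (1, "cp1252")  # IsUnicode
    for bit, name in ((0x04, "name"), (0x08, "rel"), (0x10, "dir"), (0x20, "args")):
        if flags & bit:  # StringData: 16-bit character count, then the text
            n = struct.unpack_from("<H", data, pos)[0] * width
            strings[name] = data[pos + 2:pos + 2 + n].decode(enc, "replace")
            pos += 2 + n
    return target or strings.get("rel", ""), strings.get("args", "")

def scan(data):
    """Page's flags: >1 flag is dangerous; any argument or flag is suspicious (assumed)."""
    target, args = parse_lnk(data)
    text = (target + " " + args).lower()  # assumed definition of "command line"
    checks = (("shell-target", target.lower().rsplit("\\", 1)[-1] in SHELLS),
              ("keyword", any(k in text for k in KEYWORDS)),
              ("over-max-path", len(text) > MAX_PATH),
              ("large-file", len(data) > MAX_SIZE))
    hits = [name for name, hit in checks if hit]
    if args and hits:  # fifth flag: arguments plus one of the flags above
        hits.append("args-plus-flag")
    level = "dangerous" if len(hits) > 1 else "suspicious" if args or hits else "clean"
    return level, hits

def build_lnk(target, args):
    """Constructed sample input: a minimal link, not a capture of a real file."""
    base = target.encode("cp1252") + b"\0"
    info = struct.pack("<7I", 29 + len(base), 28, 1, 0, 28, 0, 28 + len(base)) + base + b"\0"
    head = struct.pack("<I16sI", 0x4C, bytes(16), 0xA2).ljust(76, b"\0")  # LinkInfo|Args|Unicode
    return head + info + struct.pack("<H", len(args)) + args.encode("utf-16-le")
```

Detecting broken shortcuts is left out because it requires checking the target against the file system of the machine being scanned.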
Shortcut Scanner is a quick and reliable tool for protecting yourself against this emerging threat. In tests, Shortcut Scanner detected 100% of malicious shortcuts and was totally effective against recent malware and phishing campaigns.
What does it look like
We are considering an update to add proactive protection to scan shortcuts as they are created and extracted from an archive. If you wish to see this feature added, please show your support and we will make the decision based on your feedback.