Despite Microsoft’s secret patch, LNK loophole remains viable for hackers to deliver malware
State-sponsored hackers and other Windows attackers have long been delivering malware using bloated link (LNK) files, disguised as legitimate files, but containing malicious shell scripts or entire malware packages invisible to users.
Previously, the LNK file’s “Target” field was limited to 260 characters, and even fewer of them were immediately visible to users checking the file’s properties, even though attackers were stuffing the files with megabytes of malicious commands.
After the November patch, the Properties dialog of the LNK file shows the entire Target command with arguments. But there’s still a problem.
“The theoretically-up-to-32k-character-long string is now shown in the same single-line field that can’t even reveal an entire modest-sized command without selecting some text and moving the mouse left or right,” 0patch noted in a blog post.
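As an added example (not code from the article or from 0patch), the following Python script parses the StringData members of a Shell Link file, pulls out the full Arguments string, and flags the whitespace padding that the 260-character Target field would have hidden from a user. The sample .lnk bytes are constructed inside the script; decoding non-Unicode strings as cp1252 is an assumption.

```python
import re
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")   # Shell Link CLSID
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
# StringData members in on-disk order, each with the LinkFlags bit that enables it
STRING_FIELDS = [("name", 0x04), ("relative_path", 0x08), ("working_dir", 0x10),
                 ("arguments", 0x20), ("icon_location", 0x40)]
VISIBLE_CHARS = 260   # the most the pre-patch Target field could show a user

def parse_lnk(data):
    """Return the StringData members of an MS-SHLLINK file as a dict."""
    if len(data) < 0x4C or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 0x4C                                   # end of the fixed-size header
    if flags & HAS_ID_LIST:                      # IDListSize (2 bytes) + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfoSize counts the whole block
        pos += struct.unpack_from("<I", data, pos)[0]
    width = 2 if flags & IS_UNICODE else 1       # UTF-16LE or ANSI (cp1252 assumed)
    fields = {}
    for name, bit in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, no NUL
        raw = data[pos + 2:pos + 2 + count * width]
        fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252")
        pos += 2 + count * width
    return fields

def assess(fields):
    """Flag argument strings a user could not have seen in the Properties dialog."""
    args = fields.get("arguments", "")
    longest_pad = max((len(m) for m in re.findall(r"\s+", args)), default=0)
    return {"length": len(args), "longest_padding": longest_pad,
            "hidden_tail": args[VISIBLE_CHARS:].strip(),
            "suspicious": len(args) > VISIBLE_CHARS or longest_pad >= 64}

def build_lnk(arguments, relative_path=r"..\..\Windows\System32\cmd.exe"):
    """Construct a minimal Unicode .lnk (header + RelativePath + Arguments) as sample input."""
    flags = 0x08 | 0x20 | IS_UNICODE
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, flags) + bytes(0x4C - 24)
    def string_data(text):
        return struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + string_data(relative_path) + string_data(arguments)

# Constructed sample: a benign-looking command, 600 spaces of padding, then the real one
SAMPLE_ARGS = "/c echo benign" + " " * 600 + "& echo hidden-payload-placeholder"

if __name__ == "__main__":
    print(assess(parse_lnk(build_lnk(SAMPLE_ARGS))))
```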