
New Flaw in Windows Facilitates More DDOS Attacks

Stacheldraht DDOS attack



Summary: Shoddy Microsoft software continues to provide opportunities for disgruntled people to attack and take down servers they dislike

ANY Windows botnet which is enabled by "Zeus" (Zeus is known to be a cause of DDOS attacks) is already taking advantage of Microsoft's latest severe flaw which affects even fully patched Windows:

Miscreants behind the Zeus cybercrime toolkit and other strains of malware have begun taking advantage of an unpatched shortcut handling flaw in Windows. It was first used by a sophisticated worm to target SCADA-based industrial control and power plant systems.


No patch is available yet:

Security researchers have found more malware exploiting an unpatched Windows vulnerability via .LNK shortcut files.

According to Sophos blog July 23, two other pieces of malware have been observed targeting the bug. One is a keylogging Trojan the company is calling Chymin-A that is "designed to steal information from infected computers." The other is Dulkis-A, a "worm written in obfuscated Visual Basic" that contains several subcomponents.


More here:

Slovakian security firm Eset reports the appearance of two malware strains that exploit security vulnerabilities in the way Windows handles .lnk (shortcut) files, first used by Stuxnet to swipe information from Windows-based SCADA systems from Siemens.


We covered those SCADA incidents earlier today. This has a serious impact on the world's energy, not to mention those BP BSODs which we've already covered in [1, 2, 3].

The damage costs a lot of money and time (which can be equated to money) and the security world is "ill-equipped to solve digital whodunnits," reports The Register.

“A lot of those efforts are very unqualified and pedestrian,” said Parker, who is director of security consulting services at Washington, DC-based Securicon. “There's really not any science behind the efforts that many people have been making recently that have resulted in stories like China is attacking us, Russia is attacking us, Korea is attacking us.”


It is really hard to know where DDOS attacks come from these days. People don't control their Windows PCs, which can be hijacked and chained back to some botmasters whose interests are not known.

Georgia has an unfortunate DDOS story to tell about its national infrastructure; after years of investigation it is still not perfectly clear if the Russian government had something to do with it or not. One youngster claims responsibility, but can he be believed? It can be hard to verify. And if one youngster can paralyse an entire nation, what does that teach us about those Windows zombies he used?
