New Flaw in Windows Facilitates More DDOS Attacks

Dr. Roy Schestowitz

2010-07-27 22:03:18 UTC
Modified: 2010-07-27 22:03:18 UTC

Summary: Shoddy Microsoft software continues to provide opportunities for disgruntled people to attack and take down servers they dislike

ANY Windows botnet which is enabled by "Zeus" (Zeus is known to be a cause of DDOS attacks) is already taking advantage of Microsoft's latest severe flaw which affects even fully patched Windows:

Miscreants behind the Zeus cybercrime toolkit and other strains of malware have begun taking advantage of an unpatched shortcut handling flaws in Windows. It was first used by a sophisticated worm to target SCADA-based industrial control and power plant systems.

No patch is available yet:

Security researchers have found more malware exploiting an unpatched Windows vulnerability via .LNK shortcut files.

According to Sophos blog July 23, two other pieces of malware have been observed targeting the bug. One is a keylogging Trojan the company is calling Chymin-A that is "designed to steal information from infected computers." The other is Dulkis-A, a "worm written in obfuscated Visual Basic" that contains several subcomponents.

More here:

Slovakian security firm Eset reports the appearance of two malware strains that exploit security vulnerabilities in the way Windows handles .lnk (shortcut) files, first used by Stuxnet to swipe information from Windows-based SCADA systems from Siemens.

We covered those SCADA incidents earlier today. This has a serious impact on the world's energy, not to mention those BP BSODs which we've already covered in [1, 2, 3].

The damage costs a lot of money and time (which can be equated to money) and the security world is "ill-equipped to solve digital whodunnits," reports The Register.

“A lot of those efforts are very unqualified and pedestrian,” said Parker, who is director of security consulting services at Washington, DC-based Securicon. “There's really not any science behind the efforts that many people have been making recently that have resulted in stories like China is attacking us, Russia is attacking us, Korea is attacking us.”

It is really hard to know where DDOS attacks come from these days. People don't control their Windows PCs, which can be hijacked and chained back to some botmasters whose interests are not known.

Georgia has an unfortunate DDOS story to tell about its national infrastructure; after years of investigation it is still not perfectly clear if the Russian government had something to do with it or not. One youngster claims responsibility, but can he be believed? It can be hard to verify. And if one youngster can paralyse an entire nation, what does that teach us about those Windows zombies he used? ⬆

Gemini Links 23/12/2025: Hydraulic Pressure Balance and mercury://: Links for the day
Techrights as 'Regulator' Against Runaway Trains: "Runaway trains" never scared us because we know that they, unlike us, don't think rationally
Social Control Media is Bots (Fake Traffic, Fake 'Engagement'): As per FORTUNE, 76% of Twitter is alleged to be bots now
"Major [IBM] Reductions Will Take Place Soon in Rochester MN": Maybe that's just the latest office gossip
A Good End for a Fine Year: Today we saw some pleasant news online about the growth of GNU/Linux and more perils impacting Windows and XBox
Serial Sloppers Lost Momentum, Sites With "Linux" in Their Name Barely Bother Anymore: Will 2026 be the year slopfarms jump the shark?
Gemini Links 23/12/2025: "The sun is shinning" and "problem in the Butlerian Jihad setup": Links for the day
Links 23/12/2025: "Over 8,700 News Articles Censored in Turkey in 2024" and "Photos Are Being Deleted From the Epstein Files": Links for the day
Links 23/12/2025: That ‘Satisfying Click’ and Security Lapses, Car Bomb Kills Russian Lieutenant General Fanil Sarvarov: Links for the day
Links 23/12/2025: GNU Taler 1.3, US Regime Censors Television Again: Links for the day
Valve Can Bring More Users to GNU/Linux, But It Won't Bring Freedom: Steam is DRM
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, December 22, 2025: IRC logs for Monday, December 22, 2025
How the Slop (So-called 'AI') Bubble Will Burst Next Year: There are already talks about mass layoffs in January
"Generative AI Bubble Has Begun to Pop", Nvidia Rides “Circular Financing... a Strategy That Hearkens Back to the Dot-com Crisis”: For companies like Microsoft this may mean another 30,000+ layoffs next year
Microsoft-Connected Media Talking About XBox Division "Profit Margins" is Distraction From XBox Sales Collapsing 70% in One Year: The simple fact is, Microsoft's console is dead in the water
The Reality is "Vibe Code" (Slop) is That It's Worthless: “Confidently Wrong”
British Web Developers Can Probably Ignore Firefox Users (Based on US Standards): Mozilla has managed to piss off enough people
On the 'Digital Gulag' of 'Secure Boot' and Microsoft Disguising Its Attacks on Users as "Security": Dr. Andy Farnell has this new article
Slopfarms Can Only Survive in Google News, Which is Still Promoting Them: Google News promoted only 3 slopfarms today
Gemini Links 22/12/2025: Films, Creativity vs. Consumption, Slop in YouTube: Links for the day
Microsoft XBox Losing Money, Layoffs and Studio Shutdowns (As Well as Price Hikes) Not the Solution: Microsoft does not quite talk about profits
Links 22/12/2025: Data Breaches, deterioration in Politics, and Geminispace: Links for the day
Links 22/12/2025: North Korean Applicants Target GAFAM (Amazon), ‘Orwellian Climate of Fear’ of CPC (Even Outside China): Links for the day
More IBM Layoffs in India: It's not as simple as "laid off to be replaced by an Indian"
GAFAM Deeply Connected to Jeffrey Epstein, Richard Stallman (RMS) in No Way Connected to Jeffrey Epstein: people who hoarded all the capital get to decide what people think and say
Linus Torvalds Has a Birthday This Coming Weekend, Thankfully He Still Controls His Main Project: GNU and Linux should remain under their control as long as they live
Mozilla is Getting Attention for All the Wrong Reasons, Take a Look at LibreWolf: Just last week Mozilla added a new top-level manager who (as usual) came from a "tech giant"
When Conformism Means Capitulation and Defeat: In an age of injustices like these, we all have some kind of moral obligation not to be conformist.
Text is Still King: But the so-called 'industry' insists that we should download 10 MB of objects from multiple domains... even just to read 5-10 paragraphs of text
Links 22/12/2025: Facebook "Testing $14.99 Monthly Subscription Fee to Post Links" and "Middle East Petrostates as American Media Owners": Links for the day
Beyond the World Wide Web (WWW): We continue to treat Gemini Protocol as a first-class citizen
Serbia: GNU/Linux Rises, Windows Down to All-Time Lows: According to statCounter
"Wrestling With Pigs": "Never wrestle with a pig. You both get dirty, and the pig likes it."
Productive Year and Better Access to Techrights' Archives Going Back to 2006: we've long needed and wanted native, local, independent search facilities
Linux Abandoned by Linux Foundation: It speaks for Microsoft and for so-called 'AI' companies
Microsoft Has Practically Given Up on XBox Already: Expect many XBox related layoffs when 2026 starts (Q1)
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, December 21, 2025: IRC logs for Sunday, December 21, 2025
"Today's [Red Hat] is run by a cabal of vultures.": it seems safe to assume Red Hat too will languish away
Microsoft Layoffs in 2026 Can be Bigger Than 2025 Microsoft Layoffs (30,000+ Workers Laid Off): "Is there going to be any reorg or Microsoft layoffs?"
Gemini Links 21/12/2025: Solstice, Chaos of CSS, and Program Interpreter Fun: Links for the day
The Free Software Foundation (FSF) Represents People, Not Corporations: FSF isn't in the "business" of appeasing oligarchs
Why?: Why write articles?
Microsoft-Connected Publisher Spinning XBox's Death Spiral (It's Dying Fast) as a Strength and Something Deliberate: "Microsoft’s big gaming pivot"
Slop is Rare by Now: A year ago slop was so abundant that we did a whole series about it, and it was daily
Links 21/12/2025: U.S. Strikes in Syria, "Epstein Files Photos Disappear From Government Website": Links for the day
Gemini Links 21/12/2025: Labrador Retriever of Lagrange's Developer Dies From Cancer, Political Philosophy, and "Getting to Inbox Zero": Links for the day
IBM: We Can't Make 'AI' (Voice Recognition) Do the Work of a McDonald's Teenager, So Let's Try the Same on Saudi Planes: IBM is lost. It's truly lost.
Microsoft is Becoming Irrelevant: The Case of Georgia: Not Georgia Tech
Sirius Open Source is Now Imminently Dead (Struck Off): compulsory strike-off
Dr. Richard Stallman, Invited by LibreTech Collective, is Giving a Public Talk in Georgia Tech Next Month (Scheller College of Business): They can probably squeeze about 400 people into this room
25 Years of Activism for GNU/Linux: My passion for GNU/Linux brought a lot of contentment
Africa, Where Microsoft Used De Facto Slaves to Pretend to be "AI", Chatbots Usage is 0.2% of Measured Online Traffic: Judging by recent trends in Africa, many "Windows PCs" are being converted into GNU/Linux computers
New Drone Footage Shows IBM is Dead (Parts of It): The people who participated in IBM when IBM actually mattered probably have boasting rights, unlike people who work for IBM today
Michael Larabel Adds Slop Category to Phoronix, Quickly Realises That It's Worthless: Phoronix nowadays gets carried away; it made a new category to talk about slop and it decided to call it "intelligence" with some caricature of a brain (that's misleading)Phoronix nowadays gets carried away; it made a new category to talk about slop and it decided to call it "intelligence" with some caricature of a brain (that's misleading)
After 35 Years the World Wide Web, HTML, and HTTP Are Proprietary: HTTP/2 added a lot of complexity (it's just a Google protocol, based on SPDY originally), many image formats are proprietary and patented, HTML got 'replaced' by Java-Scripts [sic], and many URLs (the URL system was created in the early 90s) are just long strings for proprietary 'webapps'
The General Public License (GPL) Inspired the Web's Original Openness/Freedom, According to Tim Berners-Lee: "During the preceding year I had been trying to get CERN to release the intellectual property rights to the Web code under the General Public License (GPL) so that others could use it."
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, December 20, 2025: IRC logs for Saturday, December 20, 2025

New Flaw in Windows Facilitates More DDOS Attacks

Recent Techrights' Posts