While one-liners have made many Hollywood films legendary, some one-liners in the IT world have brought systems to their knees. The most recent is an unpatched zero-day bug that can corrupt an NTFS-formatted hard drive. Like Medusa in Greek mythology, if your Windows system sees the icon of this one-line command, it will turn to stone.
Unlike ransomware, the end-result of this NTFS file system vulnerability is to sow chaos and destruction. So any malicious actor who chooses to deploy this to unsuspecting victims will just be satisfying a sick sense of humor, or a sociopathic lust for chaos.
This vulnerability was discovered by a security researcher named Jonas L, who has known about it since August 2020 and has once again posted it to gain Microsoft’s attention. The vulnerability is triggered by a very short one-line command.
$I30 is the NTFS index attribute that contains a directory’s files and subfolders. The command stated above for some reason corrupts an NTFS-formatted drive. Windows commands can easily be packaged as Windows shortcut files. Malicious actors can then send the shortcut file via email, and if it is clicked, it can send any system spiraling down a rabbit hole. The system will first display the following message:
“The file or directory is corrupted and unreadable.”
Windows will then prompt the user to restart the PC, after which it will attempt to repair the corrupted drive, an attempt that could subsequently fail.
Even if the user doesn’t click or run the file, it can still be triggered: if the user saves the file in any folder and then opens that folder with the view set to display icons instead of file details, the file gets triggered when Windows tries to display the file’s icon.
Those who are aware can watch out for this file in their email, but if it’s packaged in a ZIP or RAR file along with other files, the file is triggered once it has been extracted and the user accesses the folder that it’s in.
The solution? Until Microsoft comes up with a solution, it’s always best to be extra vigilant and only open emails from trusted sources. Even so, beware of any shortcut files included in RAR and ZIP packages. Otherwise, it’s Hasta La Vista for your system.
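The check for shortcut files in archives can be done before anything is extracted. The following is an added example, not part of the original article: it lists shortcut-like entries in a ZIP (by extension, or by the Shell Link file header when the extension has been changed) without writing anything to disk. The extension list, the size cap and the sample archive are assumptions constructed for illustration, and RAR archives are not covered.

```python
import io
import zipfile

# Extensions treated as shortcuts here (assumption: the set a mail filter would flag).
SHORTCUT_EXTS = (".lnk", ".url", ".pif")
# Shell Link (.lnk) header: HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c000000" "0114020000000000c000000000000046")
MAX_NESTED = 50 * 1024 * 1024  # assumption: skip nested archives larger than 50 MiB

def find_shortcuts(data, prefix="", depth=0, max_depth=3):
    """Return (path, reason) for each shortcut-like entry, reading in memory only."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            if info.filename.lower().endswith(SHORTCUT_EXTS):
                hits.append((path, "shortcut extension"))
            elif head == LNK_MAGIC:
                hits.append((path, "shell link header under another extension"))
            elif (head[:4] == b"PK\x03\x04" and depth < max_depth
                  and info.file_size <= MAX_NESTED):
                # Nested ZIP: recurse so a shortcut cannot hide one level down.
                hits += find_shortcuts(zf.read(info), path + "!", depth + 1, max_depth)
    return hits

def build_sample():
    """Constructed test archive: header bytes plus zero padding, no real shortcut."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("docs/Invoice.LNK", LNK_MAGIC + b"\x00" * 60)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", "hello")
        zf.writestr("photo.jpg", LNK_MAGIC + b"\x00" * 60)
        zf.writestr("bundle.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for path, reason in find_shortcuts(build_sample()):
        print(f"{path}: {reason}")
```

Because the archive is inspected in memory, no folder is ever created for Windows Explorer to render icons from; an archive with any hit can be quarantined instead of extracted.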