Hackers are exploiting a strange bug that lets a simple text string ‘corrupt’ your Windows 10 or Windows XP computer’s hard drive if you extract a ZIP file, open a specific folder, or even click on a Windows shortcut. The hacker adds the text string to a folder’s location, and the moment you open it, bam — hard drive issues.
Or so you might assume when you see a “restart to repair hard drive errors” warning appear in Windows 10. Odds are good that your data is actually fine, but you’ll still have to run chkdsk to be sure.
All that appears to be happening from this is that the volume dirty bits get flipped in the $Volume file. Until those bits are reset, Windows will see the volume as corrupted. The file system is not actually corrupted by .:$i30:$bitmap.
— Troy L (@VM_vivisector) January 14, 2021
The bug was first discovered and disclosed by security researcher Jonas L, then Will Doorman of the CERT Coordination Centre confirmed those findings. According to Doorman, the flaw is one of many similar issues in Windows 10 that have gone unaddressed for years. Worse, there are more ways to execute the attack beyond just opening a folder.
Seems like it can also be triggered when you paste the command in the URL of a browser except ie so far pic.twitter.com/7XsGhrowps
— Siam Alam (@Slmi0xC) January 15, 2021
According to tests by Bleeping Computer, it appears the text string is effective even if a shortcut icon simply points to a location with the corrupting text. You don’t have to click on or open the file, either; just having it visible on your desktop is enough to execute the attack. The text string also works in ZIP files, HTML files, and URLs.
Microsoft is investigating the issue, but there’s no telling if or when a fix could show up. As a company spokesperson told The Verge:
“We are aware of this issue and will provide an update in a future release. The use of this technique relies on social engineering and as always we encourage our customers to practice good computing habits online, including exercising caution when opening unknown files, or accepting file transfers.”
In the meantime, don’t click on suspicious links or open unknown files. That said, this is an unusual bug that can be exploited in numerous ways, and it’s possible the text string could pop up in unexpected places.
You’re not completely screwed if the bug corrupts your hard drive, however. You might have to run an automatic or manual drive scan and repair, but it’s possible that this entire process could create more havoc on your PC than intended. Our advice? Keep your files backed up just in case you run into a weird situation like this — or for any unintended data loss. You can never be too careful. That way, if you absolutely have to reinstall Windows from scratch, it won’t be a disaster, just a hassle.