Windows vulnerabilities prove a popular target for cybercriminals in August
Sep 1st, 2010 | Category: Kaspersky

Kaspersky Lab announces the publication of its Monthly Malware Statistics for August 2010. Exploits and worms targeting Windows vulnerabilities hit both the ranking of malware most often detected on users’ computers, and the ranking of web threats.
August saw dramatic growth in malware targeting the CVE-2010-2568 vulnerability. It was first used by Worm.Win32.Stuxnet, a network worm which gained notoriety back in late July, and then again by Virus.Win32.Sality.ag, the Trojan-Dropper program that installs the latest variant of the Sality virus. Quite predictably, the cybercriminals homed in on this new vulnerability in the most popular version of Windows. However, on 2 August Microsoft released MS10-046, which patched the vulnerability. This update was labeled ‘Critical’, meaning that it should be installed on every susceptible computer as soon as possible.
The CVE-2010-2568 vulnerability occurs in Windows LNK and PIF shortcuts, and the worms can spread via infected USB devices. Vulnerable computers become infected when users access USB-connected devices either automatically via the autorun function, or manually through Windows Explorer or another similar file management utility. A specially crafted shortcut makes the Windows Shell download an external DLL, which then executes arbitrary code using the privileges of the user who has launched Explorer.
Three programs associated with CVE-2010-2568 appear in the ranking of malware most frequently blocked on users’ computers. Two of the exploits, known as Exploit.Win32.CVE-2010-2568.d (in 9th place) and Exploit.Win32.CVE-2010-2568.b (in 12th place) directly target the vulnerability, while Trojan-Dropper.Win32.Sality.r (in 17th place) uses this vulnerability for propagation purposes. It generates vulnerable LNK shortcuts with names designed to attract attention and spreads these across local area networks. The malware is launched when a user opens a folder containing one of these shortcuts.
Both of the exploits targeting CVE-2010-2568 that appear in the ranking are frequently found in Russia, India and Brazil, as is Trojan-Dropper.Win32.Sality.r. Curiously, India is also the primary source of the Stuxnet worm.
A full version of the August malware ranking from Kaspersky Lab is available at: www.securelist.com/en.