Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Windows Vulnerability Heavily Targeted During August

Kaspersky Lab UK : 02 September, 2010  (Technical Article)
Kaspersky Lab releases its August malware statistics with stuxnet network worm having a high significance in targeting network vulnerabilities operating in Windows environments
August saw a dramatic growth in malware targeting the Windows CVE-2010-2568 vulnerability according to Kaspersky Lab, who has just announced the publication of its Monthly Malware Statistics for August 2010.

The vulnerability was first targeted by Worm.Win32.Stuxnet, a network worm which gained notoriety back in late July, and then again by Virus.Win32.Sality.ag, the Trojan-Dropper program that installs the latest variant of the Sality virus. However, Microsoft subsequently patched the vulnerability on 2 August with a 'critical' update for all users.

The CVE-2010-2568 vulnerability occurs in Windows LNK and PIF shortcuts and the worms can spread via infected USB devices. Vulnerable computers become infected when users access USB-connected devices. A specifically created shortcut makes the Windows Shell download an external DLL, which then executes any code using the privileges of the user who has launched Explorer.

Three programs associated with the vulnerability appear in Kaspersky Lab's ranking of malware most frequently blocked on users' computers. Two of the exploits, known as Exploit.Win32.CVE-2010-2568.d (in 9th place) and Exploit.Win32.CVE-2010-2568.b (in 12th place) directly target the vulnerability, while Trojan-Dropper.Win32.Sality.r (in 17th place) uses this vulnerability for propagation purposes. It generates vulnerable LNK shortcuts with names designed to attract attention and spreads these across local area networks. The malware is launched when a user opens a folder containing one of these shortcuts.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo