Cyber criminals abuse an open security vulnerability in all Windows versions to inject malware into PCs
Tettnang, 21 July 2010 – In Windows operating systems there is currently a vulnerability which attackers can abuse to smuggle in viruses. It suffices to open a specially prepared USB stick or a folder containing a manipulated link with Windows Explorer, warns IT security expert Avira, whose security software protects from this threat.
For the security vulnerability in the processing of file links (.lnk files) within all supported Windows operating systems, Microsoft released a security advisory; an update to eliminate this vulnerability is not yet available, though. The company currently merely provides a guide to deactivate a Windows service as well as the defective processing routines for the .lnk files, which seems to be too complicated for the most users and poses the risk to render the system unusable by a small error. Additionally, the start and quick start menu show a standard icon for all programs after the procedure, which decreases usability significantly.
Thorsten Sick, Product Manager at Avira, recommends to use up-to-date antimalware: “Avira protects users from this threat by detecting and blocking malware which abuses the vulnerability with heuristic analysis. Avira herewith delivers proactive protection against this vulnerability, already without requiring special virus definition updates.” Malware of this kind is detected by Avira as EXP/CVE-2010-2568.A and EXP/CVE-2010-2568.B, respectively.
The security vulnerability was abused by a Trojan at first which Avira detects as RKit/Stuxnet.A. It can, for instance, spread via USB sticks. The malware becomes active just by opening the USB stick with Windows Explorer. Meanwhile, there is Proof-of-Concept code available on the Internet which cyber criminals can put into their malware to abuse the vulnerability. It is very likely that more malware will show up in the next days abusing this security hole.
The basic protection of Avira AntiVir Personal detects and blocks the dangerous malware. Avira AntiVir Premium offers a higher protection level for $25.93. The integrated WebGuard and MailGuard block the malware even before it reaches the web browser or mail program. The Avira Premium Security Suite for $51.93 also protects from these threats and additionally contains a firewall, parental control and a backup solution – so that users can restore their important data.