New Malware Families Exploit Windows Vulnerabilities
Security experts at ESET disclosed on July 22, 2010 the detection of two new malicious software families that target an unpatched Windows vulnerability. ESET stated that both malware families exploit security holes in the way Windows handles .lnk (shortcut) files.
The Stuxnet worm was the first to exploit the vulnerabilities, detected on computers in Iran in June 2010. The extremely sophisticated Stuxnet malware targets systems running Siemens industrial control system management software. The worm steals SCADA (supervisory control and data acquisition) project files from the Siemens computer systems.
ESET security experts identified the first malware family as 'Win32/TrojanDownloader.Chymine.A'. During analysis of the malware, the researchers discovered that Chymine.A downloaded and installed a keystroke logger detected as the Win32/Spy.Agent.NSO Trojan. The server used to distribute the items used in such attacks is currently based in the US, whereas the IP address belongs to a Chinese customer.
The researchers detected another threat, called Win32/Autorun.VB.RP, after analyzing the first attack. This malware contains the CVE-2010-2568 exploit as another distribution agent. Win32/Autorun.VB.RP was found downloading and installing another version, which can be used to install different malicious software.
An ESET researcher, Pierre-Marc, stated that the recently detected malware was less sophisticated than Stuxnet and suggested that bottom feeders were capitalizing on techniques created by others, according to the report published by Computerworld on July 22, 2010.
Commenting on the use of the Windows vulnerability, security researchers think that there is only a small gap between the initial report of a potential vulnerability and the detection of its use by malware operators to harm computers and maximize their profits.
Apart from ESET, Trend Micro, another security software firm, also advises that the vulnerabilities can be abused through many other techniques, such as network shares, malicious websites, booby-trapped Office documents and USB drive infection (the technique used by the Stuxnet worm), according to the report published by The Register on July 23, 2010.
Microsoft has already posted a temporary workaround for the problem and revealed that it is developing a patch.
» SPAMfighter News - 05-08-2010