CVE-2010-2568

More graphs and statistics in full PDF version 2018 was a year that saw campaigns to decrease online pornographic content and traffic. For example, one of the most adult-content friendly platforms – Tumblr – announced it was banning erotic content (even though almost a quarter of its users consume adult content). In addition, the UK received the title of ‘The Second Most Porn-Hungry Country in the World‘ and is now implementing a law on age-verification for pornography lovers that will p...

In 2016, researchers from the University of Illinois left 297 unlabelled USB flash drives around the university campus to see what would happen. 98% of the dropped drives were picked up by staff and students, and at least half were plugged into a computer in order to view the content. For a hacker trying to infect a computer network, those are pretty irresistible odds. USB devices have been around for almost 20 years, offering an easy and convenient way to store and transfer digital files betwee...

How serious, really, is the danger presented by exploits? The recent leak of an exploit toolset allegedly used by the infamous Equation Group suggests it’s time to revisit that question. Several zero-days, as well as a bunch of merely ‘severe’ exploits apparently used in-the-wild were disclosed, and it is not yet clear whether this represents the full toolset or whether there’s more to come, related to either Equation or another targeted threat actor. Of course, Equation Group is not the...

If you get taken down by this 13-year-old malware, you probably deserve it

One of the world's most famous net menaces, SQL Slammer, has resumed attacking servers some 13 years after it set records by infecting 75,000 servers in 10 minutes, researchers say. The in-memory worm exploits an ancient flaw in Microsoft SQL server and Desktop Engine triggering denial of service, and at the time of its emergence significantly choking internet traffic. Researcher Michael Bacarella first raised the alarm to Slammer which was created on the back of public proof-of-concept exploit ...

What does it take to get people patching? Not Reg readers, obviously. Other, silly people

Some 200,000 systems are still susceptible to Heartbleed more than two years and 9 months after the huge vulnerability was disclosed. Patching efforts spiked after news dropped in April 2014 of the world's most well-known and at the time then most catastrophic bug. The vulnerability (CVE-2014-0160) that established the practice of branding bugs lived up to its reputation: the tiny flaw in OpenSSL allows anyone to easily and quietly plunder vulnerable systems stealing passwords, login cookies, pr...

Researchers find crusty Stuxnet, Conficker, are still the web's top threats

The crusty headless Conficker worm is the web's most prolific web threat, says security Check Point. The net menace was the one-time world's biggest bot worming its way since 2008 through millions of machines across every country in the world, smashing through social networks including Facebook, Skype, and popular email services. It exploits a Windows vulnerability (CVE-2008-4250) shuttered in a Microsoft critical update that year. Check Point says it registered the worm as the chief threat last...

Crusty bait makes for great phishing

The six-year-old vulnerability first burnt by Stuxnet remains the internet's chief pwning vector and is a key instrument of the world's worst exploit kit known as Angler. The vulnerability is a hole in Windows Shell that is both long since patched and well publicised as part of its discovery in the US' Stuxnet worm, the killer malware that laid waste to the Natanz uranium enrichment plant. Many malware families exploit the vulnerability but users would be most likely to encounter it when faced w...

Wait, what? Wasn’t the Stuxnet LNK vulnerability CVE-2010-2568, reported by Sergey Ulasen, patched years ago? Didn’t Kim Zetter have enough time to write 448 pages of thoroughly footnoted research on this digital weaponry? Yes, it was, but MS10-046 didn’t completely fix all of the vulnerable code path. And, we just might start to call it the Fanny LNK 0day, after Equation’s poorly QA’d USB worm spread across Pakistan exploiting the same LNK vulnerability years earlier than Stuxne...

At the Virus Bulletin conference in 2010, researchers from Kaspersky Lab partnered with Microsoft to present findings related to Stuxnet. The joint presentation included slides dealing with various parts of Stuxnet, such as the zero-days used in the attack. Perhaps the most interesting zero-day exploit from Stuxnet was the LNK exploit (CVE-2010-2568). This allowed Stuxnet to propagate through USB drives and infect even machines that had Autorun disabled. It was discovered during the 2010 researc...

Stuxnet, Sality, Gauss, Flame still infecting your unpatched boxen

Nearly 20 million computers remain infected with malware targeting a vulnerability first targeted four years ago by the Stuxnet worm. The flaw (CVE-2010-2568) was a Windows operating system bug in the way shortcuts worked allowing quiet download of the random dynamic library on Win Server 2003 and XP through to version 7. Since July 2010 it has continued to power the Sality worm, and fueled Stuxnet and its derivatives Flame and Gauss on unpatched machines. The Red October malware emerged in Janu...

Full PDF version At Kaspersky Lab we regularly conduct threat studies dedicated to a particular type of cyber threat. This summer we decided to look closely at what versions of Windows Operating System are most popular among our users and also at what kind of vulnerabilities are used in cyber-attacks involving exploits. As a result we prepared a study called “Windows usage and vulnerabilities’. Some of its results were rather predictable – but some were really surprising. The summer of 201...

A lot of our everyday communication and commercial activities are now taking place online, the threat from cybercrime is increasing, targeting citizens, businesses and governments at a rapidly growing rate. Organizations and individuals are worried about the increase of Cybercrime, not just because of financial damage, but loss of privacy and intellectual property, in addition to reputation problems. Recent statistics have shown dramatic growth in the Cybercrime in the UAE. Emerging markets ha...

This section of the report forms part of the Kaspersky Security Bulletin 2013 and is based on data obtained and processed using Kaspersky Security Network (KSN). KSN integrates cloud-based technologies into personal and corporate products, and is one of Kaspersky Lab’s most important innovations. The statistics in this report are based on data obtained from Kaspersky Lab products installed on users’ computers worldwide and were obtained with the full consent of the users involved. The mobi...

You can download PDF version of this article here. While analyzing the Flame malware that we detected in May 2012, Kaspersky Lab experts identified some distinguishing features of Flame’s modules. Based on those features, we discovered that in 2009, the first variant of the Stuxnet worm included a module that was created based on the Flame platform. This indicates that there was some form of collaboration between the groups that developed the Flame and Tilded (Stuxnet/Duqu) platforms. Based on...

Introduction Gauss is the most recent cyber-surveillance operation in the Stuxnet, Duqu and Flame saga. It was probably created in mid-2011 and deployed for the first time in August-September 2011. Gauss was discovered during the course of the ongoing effort initiated by the International Telecommunications Union (ITU), following the discovery of Flame. The effort is aimed at mitigating the risks posed by cyber-weapons, which is a key component in achieving the overall objective of global cyber-...

This is Kaspersky Lab’s annual threat analysis report covering the major issues faced by corporate and individual users alike as a result of malware, potentially harmful programs, crimeware, spam, phishing and other different types of hacker activity. The report has been prepared by the Global Research & Analysis Team (GReAT) in conjunction with Kaspersky Lab’s Content & Cloud Technology Research and Anti-Malware Research divisions. The year 2010 has been almost identical to the prev...

The third quarter of 2010 turned out to be more eventful than the preceding quarter. Over 600 million attempts to infect users’ computers with malicious and potentially unwanted programs were blocked during this period; an increase of 10% on the second quarter of this year. Out of all of the objects detected, over 534million were malicious programs. There was an emergence of ultra- sophisticated malware in this quarter too. This was the first time we have seen malware which used not one, but f...

By far the biggest threat to users this month was drive-by downloads. This type of attack can result in users’ computers being infected even when visiting legitimate sites. Here’s a quick reminder of how drive-by downloads infect computers. First of all, a user visits a legitimate site that has been infected or a site belonging to cybercriminals where a redirect script is located. A good example of just such a script is Downloader.JS.Pegel, one of the most prevalent redirects of recent times...

Kaspersky Lab presents its malware rankings for October. Overall, October was relatively quiet, although there were a few incidents worthy of note. Virus.Win32.Murofet, which infected a large number of PE files, was detected at the beginning of the month. What makes this malware interesting is that it generates links using a special algorithm based on the current date and time on the infected computer. Murofet gets the system’s current year, month, date, and minute, generates two double words,...

The security was tight enough, but the raider knew exactly where the weak point in the system was. He had undergone special training to help him slip unnoticed through loopholes like these and infiltrate the network. The raider creates the loophole that lets others in — spies, thieves or secret agents, who then force the system to operate according to their bosses’ wishes. As long as the loophole stays open… This is not a scene from a computer game, this type of scenario is played out usin...

Kaspersky Lab presents its malware rankings for September. There are relatively few new malicious programs in either ranking. It is, however, worth highlighting a new ‘bundle’: Trojan-Dropper.Win32.Sality.cx which installs Virus.Win32.Sality.bh to an infected computer. The dropper spreads using a vulnerability in WinLNK files (i.e., Windows shortcuts). It’s also worth noting that in September the number of exploits targeting CVE-2010-1885 (the Windows Help and Support Center vulnerability)...

In August, there was a significant increase in exploits of the CVE-2010-2568 vulnerability. Worm.Win32.Stuxnet, which notoriously surfaced in late July, targets this vulnerability, as does the Trojan-Dropper program which installs the latest variant of the Sality virus – Virus.Win32.Sality.ag. Unsurprisingly, black hats lost no time in taking advantage of this latest vulnerability in the most commonly used version of Windows. However, on 2 August Microsoft released MS10-046 which provides a pa...

Over the weekend I spent more time looking into the zero-day LNK (shortcut) Windows vulnerability that Aleks blogged about last week. It’s now been classified as CVE-2010-2568 and is being actively exploited in the wild. My main conclusion is that this vulnerability is a fundamental part of how Windows handles LNK files. This means there are two huge negatives – firstly, as this functionality is pretty standard, it’s going to be harder to create effective generic detections which don’t c...