LNK/Exploit.CVE-2010-2568

Randy Abrams

What is it?
LNK/Exploit.CVE-2010-2568 is one of the names for the generic detection of a malicious .lnk file that attempts to exploit a Windows vulnerability. Microsoft released a patch, and there are mitigation techniques that are effective but ugly: with them applied, many shortcuts no longer display their icons, including Start menu and Quick Launch icons.


How does it work?
Even though this vulnerability is patched, exploits for it are going to be included in many bots and other malware families as an infection vector. The vulnerability allows code to be executed simply by viewing the icon of a specially crafted .lnk file. On an unpatched system, this means that even with autorun disabled, you can put a USB drive in your computer and get infected just by viewing the contents of the device in Windows Explorer or any other file manager that displays icons. Listing the directory in a command window is safe.

How can I prevent it?
Install the patch provided on Aug. 2.
