Randy Abrams, director of technical education, ESET LLC
September 01, 2010
Threat of the month

LNK/Exploit.CVE-2010-2568

Randy Abrams
Randy Abrams

What is it?
LNK/Exploit.CVE-2010-2568 is one of the names for the generic detection of a malicious .lnk file that attempts to exploit a Windows vulnerability. Microsoft released a patch, and there are mitigation techniques that are effective, but ugly. The result is that many shortcuts do not display their icons anymore, including start menu and quick launch icons.


How does it work?
Even though this vulnerability is patched, attempts to exploit it are going to be included in many bots and other malware families as an attempted infection vector. The vulnerability allows code to be executed simply by viewing the icon of a specially crafted .lnk file. For those unpatched, this means that even if you have autorun disabled, you can put a USB drive in your computer and get infected by viewing the contents of the device in Windows Explorer or any other file manager that displays icons. Listing the directory in a command window is safe.

How can I prevent it?
Install the patch provided on Aug. 2.

From the September 2010 Issue of SCMagazine »

Sign up to our newsletters

More in Opinions

Spotting the "black swans" of security

Spotting the "black swans" of security

How can it be that firms can feel confident in their security technology investments and their people, yet ultimately still believe that they remain at great risk?

Me and my job: Blake Frantz, Center for Internet Security

Me and my job: Blake Frantz, Center for ...

A brief Q&A with Blake Frantz, director of benchmark development, security benchmarks division, Center for Internet Security (CIS).

BlackBerry back in the game

BlackBerry back in the game

Thanks to BYOD, gone are the days of one single mobile device manufacturer or model to support, says Dimension Data Americas' Darryl Wilson.