Security Experts:

Four-Year Old Flaw Exploited by Stuxnet Still Targeted

It was 2010 when the Stuxnet malware first appeared in the public consciousness.

Though the years have passed however, there is no shortage of machines still vulnerable to attacks on one of the vulnerabilities the malware exploited as it trotted across the globe.

According to a paper released by Kaspersky Lab, CVE-2010-2568 remains a widely exploited security hole. Despite the age of the vulnerability, Kaspersky Lab detected tens of millions of exploits targeting the bug between November 2013 and June 2014, though not all may correlate to individual attacks due to the way the bug is exploited. 

The vulnerability is a shortcut handling error in Microsoft Windows that affects XP, Vista, Windows 7 and Windows Server 2003 and 2008. If successfully exploited, attack code could be executed when the operating system displays the icon of a malicious shortcut file. The vulnerability was patched in August of 2010.

"The first malware exploiting this vulnerability was registered in July 2010," the Kaspersky Lab report explained. "Specifically, the worm Sality uses this vulnerability to distribute its own code: the worm generates vulnerable shortcuts and distributes them through LAN. Should a user open the folder containing such shortcut, the malicious program immediately begins launching. After Sality and Stuxnet this vulnerability was used by the well-known Flame and Gauss spyware."

Most of the detections of exploits for the vulnerability are registered in Vietnam, India, Indonesia, and Brazil, according to the report. Kaspersky Lab speculated that the persistence of the vulnerability may be due to the fact that many network administrators are not paying close enough attention to public servers under their control. As a result, malware such as Sality continue to propagate.

"Non-protected workstations running under a vulnerable version of Windows may become the entry point for a targeted of attack on the company," according to report.

"As we have pointed out in a blog back in May, some vulnerabilities never die," Barry Shteiman, director of security strategy at Imperva, said in a statement. "It’s not because they are overly complex or a patch has not yet been built...In many of the cases it's just because customers just don’t have the cycles or the awareness to patch. It is not uncommon to see systems go unpatched for years simply because there may be complexity involved with changes that the fix introduces."

Hackers understand this, he added, which is why old vulnerabilities remain in use today.

Other common Microsoft vulnerabilities observed being exploited during the November 2013 to June 2014 time period include CVE-2012-0158 and CVE-2010-3333, according to the report. Overall, Kaspersky Lab recorded a total of 15.06 million exploit detections on 3.64 million computers running various versions of Windows. Roughly 53 percent of these involved exploits written for Java vulnerabilities, the firm found. 

view counter