It was 2010 when the Stuxnet malware first appeared in the public consciousness.
Though the years have passed however, there is no shortage of machines still vulnerable to attacks on one of the vulnerabilities the malware exploited as it trotted across the globe.
According to a paper released by Kaspersky Lab, CVE-2010-2568 remains a widely exploited security hole. Despite the age of the vulnerability, Kaspersky Lab detected tens of millions of exploits targeting the bug between November 2013 and June 2014, though not all may correlate to individual attacks due to the way the bug is exploited.
The vulnerability is a shortcut handling error in Microsoft Windows that affects XP, Vista, Windows 7 and Windows Server 2003 and 2008. If successfully exploited, attack code could be executed when the operating system displays the icon of a malicious shortcut file. The vulnerability was patched in August of 2010.
“The first malware exploiting this vulnerability was registered in July 2010,” the Kaspersky Lab report explained. “Specifically, the worm Sality uses this vulnerability to distribute its own code: the worm generates vulnerable shortcuts and distributes them through LAN. Should a user open the folder containing such shortcut, the malicious program immediately begins launching. After Sality and Stuxnet this vulnerability was used by the well-known Flame and Gauss spyware.”
Most of the detections of exploits for the vulnerability are registered in Vietnam, India, Indonesia, and Brazil, according to the report. Kaspersky Lab speculated that the persistence of the vulnerability may be due to the fact that many network administrators are not paying close enough attention to public servers under their control. As a result, malware such as Sality continue to propagate.
“Non-protected workstations running under a vulnerable version of Windows may become the entry point for a targeted of attack on the company,” according to report.
“As we have pointed out in a blog back in May, some vulnerabilities never die,” Barry Shteiman, director of security strategy at Imperva, said in a statement. “It’s not because they are overly complex or a patch has not yet been built…In many of the cases it’s just because customers just don’t have the cycles or the awareness to patch. It is not uncommon to see systems go unpatched for years simply because there may be complexity involved with changes that the fix introduces.”
Hackers understand this, he added, which is why old vulnerabilities remain in use today.
Other common Microsoft vulnerabilities observed being exploited during the November 2013 to June 2014 time period include CVE-2012-0158 and CVE-2010-3333, according to the report. Overall, Kaspersky Lab recorded a total of 15.06 million exploit detections on 3.64 million computers running various versions of Windows. Roughly 53 percent of these involved exploits written for Java vulnerabilities, the firm found.
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- FDA Announces New Cybersecurity Requirements for Medical Devices
- Report: Chinese State-Sponsored Hacking Group Highly Active
- Votiro Raises $11.5 Million to Prevent File-Borne Threats
- Lumen Technologies Hit by Two Cyberattacks
- Leaked Documents Detail Russia’s Cyberwarfare Tools, Including for OT Attacks
- Mandiant Investigating 3CX Hack as Evidence Shows Attackers Had Access for Months
- Severe Azure Vulnerability Led to Unauthenticated Remote Code Execution
- Anti-Bot Software Firm DataDome Banks $42M Financing
