Skip to main content

Woburn, MA – August 5, 2014 - The CVE-2010-2568 vulnerability was discovered back in 2010 at the same time as the notorious Stuxnet worm. Even today malware program exploiting this vulnerability remains widespread and poses a threat to users: 19,000,000 users encountered it in an eight-month timeframe from November 2013 to June 2014. These are among the findings of Kaspersky Lab's "Windows usage and vulnerabilities" research conducted in the summer of 2014.

CVE-2010-2568 is a shortcut handling error in Windows, allowing attackers to load an arbitrary DLL without the user's knowledge. This vulnerability affects Windows XP, Vista and Windows 7 as well as Windows Server 2003 and 2008. It was most famously exploited by Stuxnet – the worm detected in June 2010 and notorious in that it apparently led to the physical destruction of uranium enrichment equipment at nuclear facilities located in Iran.

As early as in the autumn of 2010, Microsoft released a security update which patched this vulnerability. In spite of this, Kaspersky Lab's detection systems still register millions of instances in which malware exploiting this vulnerability is detected. Within the research period of November 2013 to June 2014, over 19,000,000 users encountered this threat.

When viewed country by country, the malware instances targeting this vulnerability were most often detected on the computers of users residing in Vietnam (42.45%), India (11.7%), Indonesia (9.43%), Brazil (5.52%) and Algeria (3.74%).

 

The geographical distribution of all registered CVE-2010-2568 detections

Remarkably, the same research indicates that Vietnam, India and Algeria are all on the list of countries with the most CVE-2010-2568 detections, and among the leaders in terms of the numbers of users still using Windows XP. That very operating system occupies the most detections of CVE-2010-2568 with 64.19 percent reported from computers running under Windows XP. Windows 7, currently the most widely used in the world, only had 27.99 percent detections. Next come Windows Server 2008 and 2003 with 3.99 percent and 1.58 percent detections respectively.

In this specific case, the large number of detections does not directly translate into a large number of attacks. Due to the peculiar ways this vulnerability is exploited, it is impossible to accurately differentiate between cases when Kaspersky Lab's product protected from real attacks involving malware exploiting CVE-2010-2568, and the cases when they only detected vulnerable shortcuts automatically generated by a specific worm.

The large number of CVE-2010-2568 detections is a testimony to the fact that globally, there are still many computers that are vulnerable to attacks involving malware exploiting this vulnerability. Kaspersky Lab's experts presume that most of these detections stem from poorly maintained servers without regular updates or a security solution; such servers may be inhabited by a worm that uses malware exploiting this vulnerability. Following their designed logic, such malware programs routinely create malicious shortcuts in a general access folder; each time a user protected by a Kaspersky Lab's solution and having access to that folder clicks on such a shortcut, the detection takes place.

"This type of situation obviously creates an on-going risk of malware infection in organizations where these vulnerable servers still operate," says Vyacheslav Zakorzhevsky, Head of the Vulnerability Research Team at Kaspersky Lab. "Therefore we urge corporate IT managers to devote more attention to ensuring that software is kept up to date on corporate computers, and to employ adequate cyberthreat protection tools."

Protection technologies

To minimize the risk of encountering attacks involving vulnerabilities, Kaspersky Lab's experts recommend that users update their software regularly, delete unused software and use a reliable security solution equipped with technologies to counteract exploit attacks.

For example, Automatic Exploit Prevention from Kaspersky Lab is able to fight attempts to exploit currently unknown software vulnerabilities thanks to heuristic detection, and its effectiveness is confirmed by independent researchers. This technology is incorporated in Kaspersky Lab's home and corporate products such as Kaspersky Internet Security Multi-Device, Kaspersky Small Office Security and Kaspersky Endpoint Security for Business.

About Kaspersky Lab
Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 16-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.com.

* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2012. The rating was published in the IDC report "Worldwide Endpoint Security 2013–2017 Forecast and 2012 Vendor Shares (IDC #242618, August 2013). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2012.

For the latest in-depth information on security threat issues and trends, please visit:

Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter

Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter

Media Contact
Sarah Bergeron
781.503.2615781.503.2615 
sarah.bergeron@kaspersky.com

The 0-day Vulnerability exploited by Stuxnet still threatens users, Kaspersky Lab study finds

The 0-day Vulnerability exploited by Stuxnet still threatens users, Kaspersky Lab study finds
Kaspersky Logo