Breaking Some Malicious LNKs with MSRT

The MMPC added the following MS10-046 related threats to the MSRT detection capability in August:

Earlier blog posts have mentioned threats like Stuxnet, Vobfus, and Sality, which have incorporated the use of the CVE-2010-2568 vulnerability fixed by the MS10-046 bulletin (see timeline below). It’s clear that an increasing number of malware families are incorporating this vulnerability. Today’s MSRT release represents another step Microsoft is taking to cleanse the ecosystem of this infection vector. If you happen to have declined the MSRT update from Windows Update, you can download and run it from the Microsoft Download Center. For enterprise/WSUS users, refer to our KB article about how to deploy MSRT.

We highly encourage our readers to apply all security updates to protect themselves from this and other vulnerabilities.
One of the threats using this vulnerability that we recently discussed is Sality. It is a virus (a.k.a. file infector) and has the potential to infect many files on your computer, making disinfection tricky and time-consuming, since in many cases the troubled files must be repaired, not simply deleted. Recall that MSRT is a “cleanup” tool. It does not provide real-time protection. To protect against re-infection, a full AV product such as Microsoft Security Essentials is needed.
Many thanks to our researchers Hamish, Vince, Francis, Hemanth, Mady, Jeremy, et al. for working around the clock to add the detections on all these threats.
-Scott Wu
