Exploit.Win32.CVE-2010-2568.z

The description for Exploit.Win32.CVE-2010-2568.z was created during the beta test of the «Malware description on demand» service. Learn more at: www.dnt-lab.com/en/services.
Last edited: 30.4.2011

The exploit is designed to automatically launch other programs from USB drives. It is a Windows shortcut (LNK file), 461 bytes in size.

MD5: 0FCD30C5093D798917AEE203263ED2DB

SHA1: ABDAD79CA98697CFC1E2BDF8FD8C23F205080C30

Payload

Once launched, the exploit uses the CVE-2010-2568 vulnerability in "shell32.dll". This vulnerability allows local users or remote attackers to execute arbitrary code via a crafted .LNK or .PIF shortcut file, which is not properly handled when Windows Explorer displays its icon.

When a user opens an infected USB drive in Windows Explorer, the following command line is launched:

C:\Windows\system32\rundll32.exe setup50045.fon,6279f92e

Thus, the function "6279f92e" is called from the DLL "setup50045.fon" by the system utility "rundll32.exe".
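The command line above has two traits a defender can look for in process-creation logs: rundll32.exe is given a module whose extension is not a usual library type, and the export name is eight hex digits. The following is an added example, not part of the original description; the function names, the list of expected extensions and all sample lines except the first are assumptions constructed for illustration, and the parsing is a simplification of how rundll32 reads its arguments.

```python
import re
from pathlib import PureWindowsPath

# Assumption: extensions rundll32 is normally pointed at; tune for your estate.
EXPECTED_EXTS = {".dll", ".cpl", ".ocx"}
# Export name made of exactly eight hex digits, as in the sample on this page.
HEX_EXPORT = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)
# Image path (quoted or not), then the remaining arguments.
CMD = re.compile(r'^(?:"([^"]+)"|(\S+))\s+(.+)$')

def inspect_rundll32(cmdline):
    """Return a list of reasons the line is suspicious, or None if it is not rundll32."""
    m = CMD.match(cmdline.strip())
    if not m:
        return None
    image = PureWindowsPath(m.group(1) or m.group(2)).name.lower()
    if image not in ("rundll32.exe", "rundll32"):
        return None
    # Simplified rundll32 syntax: <module>,<export> [arguments]
    module, _, rest = m.group(3).partition(",")
    module = module.strip().strip('"')
    export = rest.split()[0] if rest.strip() else ""
    reasons = []
    ext = PureWindowsPath(module).suffix.lower()
    if ext not in EXPECTED_EXTS:
        reasons.append(f"module extension {ext or '(none)'} is not a usual library type")
    if HEX_EXPORT.match(export):
        reasons.append(f"export name {export} is eight hex digits")
    return reasons

def flag_events(cmdlines):
    """Return (command line, reasons) pairs for lines with at least one reason."""
    hits = []
    for line in cmdlines:
        reasons = inspect_rundll32(line)
        if reasons:
            hits.append((line, reasons))
    return hits

# First line is the command line quoted on this page; the rest are constructed.
SAMPLE_CMDLINES = [
    r"C:\Windows\system32\rundll32.exe setup50045.fon,6279f92e",
    r"C:\Windows\system32\rundll32.exe shell32.dll,Control_RunDLL desk.cpl",
    r'"C:\Windows\system32\rundll32.exe" "C:\Program Files\Example\helper.dll",Start',
    r"C:\Windows\system32\notepad.exe C:\notes.txt",
]

if __name__ == "__main__":
    for line, reasons in flag_events(SAMPLE_CMDLINES):
        print(line, "->", "; ".join(reasons))
```

Both checks are heuristics: a hit is a lead for triage rather than proof of infection, and the extension list should be adjusted to what rundll32 legitimately loads in the monitored environment.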

Removal Instructions

If your computer was not protected by an antivirus and was infected with this malware, follow these steps to remove it:

1. Delete the original malicious file (the location on the infected computer will depend on how the program originally penetrated the victim machine).

2. Perform a full system scan with an antivirus with updated databases.
