Avira warns of Windows vulnerability

Cyber criminals abuse an open security vulnerability in all Windows versions to inject malware into PCs

Tettnang, 21 July 2010 – In Windows operating systems there is currently a vulnerability which attackers can abuse to smuggle in viruses. It suffices to open a specially prepared USB stick or a folder containing a manipulated link with Windows Explorer, warns IT security expert Avira, whose security software protects from this threat.

For the security vulnerability in the processing of file links (.lnk files) within all supported Windows operating systems, Microsoft released a security advisory; an update to eliminate this vulnerability is not yet available, though. The company currently merely provides a guide to deactivate a Windows service as well as the defective processing routines for the .lnk files, which seems to be too complicated for the most users and poses the risk to render the system unusable by a small error. Additionally, the start and quick start menu show a standard icon for all programs after the procedure, which decreases usability significantly.

Thorsten Sick, Product Manager at Avira, recommends to use up-to-date antimalware: “Avira protects users from this threat by detecting and blocking malware which abuses the vulnerability with heuristic analysis. Avira herewith delivers proactive protection against this vulnerability, already without requiring special virus definition updates.” Malware of this kind is detected by Avira as EXP/CVE-2010-2568.A and EXP/CVE-2010-2568.B, respectively.

The security vulnerability was abused by a Trojan at first which Avira detects as RKit/Stuxnet.A. It can, for instance, spread via USB sticks. The malware becomes active just by opening the USB stick with Windows Explorer. Meanwhile, there is Proof-of-Concept code available on the Internet which cyber criminals can put into their malware to abuse the vulnerability. It is very likely that more malware will show up in the next days abusing this security hole.

The basic protection of Avira AntiVir Personal detects and blocks the dangerous malware. Avira AntiVir Premium offers a higher protection level for $36.99. The integrated WebGuard and MailGuard block the malware even before it reaches the web browser or mail program. The Avira Premium Security Suite for $59.99 also protects from these threats and additionally contains a firewall, parental control and a backup solution – so that users can restore their important data.

About Avira

Avira wants its customers to ‘live free’ from spyware, phishing, viruses and other internet-based threats. The company was founded more than 27 years ago on Tjark Auerbach's promise to "make software that does good things for my friends and family." More than 100 million consumers and small businesses now depend upon Avira’s security expertise and award-winning antivirus software, making the company the number-two market share leader globally. Avira provides IT-security protection to computers, smartphones, servers and networks, delivered as both software and cloud-based services.

In addition to protecting the online world, Avira promotes well-being in the offline world through the Auerbach Foundation, which supports charitable and social projects. The philosophy of the foundation is to help people to help themselves.

For more information, please visit www.avira.com or join the community at www.facebook.com/avira.