Wednesday, July 21, 2010

Avira warns of Windows vulnerability

Cyber criminals abuse an open security vulnerability in all Windows versions to inject malware into PCs

Tettnang, 21 July 2010 – In Windows operating systems there is currently a vulnerability which attackers can abuse to smuggle in viruses. It suffices to open a specially prepared USB stick or a folder containing a manipulated link with Windows Explorer, warns IT security expert Avira, whose security software protects from this threat.

For the security vulnerability in the processing of file links (.lnk files) within all supported Windows operating systems, Microsoft released a security advisory; an update to eliminate this vulnerability is not yet available, though. The company currently merely provides a guide to deactivate a Windows service as well as the defective processing routines for the .lnk files, which seems to be too complicated for the most users and poses the risk to render the system unusable by a small error. Additionally, the start and quick start menu show a standard icon for all programs after the procedure, which decreases usability significantly.

Thorsten Sick, Product Manager at Avira, recommends to use up-to-date antimalware: “Avira protects users from this threat by detecting and blocking malware which abuses the vulnerability with heuristic analysis. Avira herewith delivers proactive protection against this vulnerability, already without requiring special virus definition updates.” Malware of this kind is detected by Avira as EXP/CVE-2010-2568.A and EXP/CVE-2010-2568.B, respectively.

The security vulnerability was abused by a Trojan at first which Avira detects as RKit/Stuxnet.A. It can, for instance, spread via USB sticks. The malware becomes active just by opening the USB stick with Windows Explorer. Meanwhile, there is Proof-of-Concept code available on the Internet which cyber criminals can put into their malware to abuse the vulnerability. It is very likely that more malware will show up in the next days abusing this security hole.

The basic protection of Avira AntiVir Personal detects and blocks the dangerous malware. Avira AntiVir Premium offers a higher protection level for 24,95 €. The integrated WebGuard and MailGuard block the malware even before it reaches the web browser or mail program. The Avira Premium Security Suite for 39,95 € also protects from these threats and additionally contains a firewall, parental control and a backup solution – so that users can restore their important data.

About Avira

More than 100 million consumers and small businesses depend upon Avira’s security expertise and award-winning antivirus software, making the company the number-two market share leader globally. Avira is ranked #1 in technology innovation according to ABI Research; recommended by Consumer Reports for its free antivirus software; cited by OPSWAT as the #1 fastest-growing antivirus vendor in 2012 and the #2 largest vendor worldwide in 2011; and has received a nearly unbroken string of Virus Bulletin VB100 awards for the past decade.

Avira provides IT-security protection to computers, smartphones, servers and networks, delivered as both software and cloud-based services. Visit www.avira.com.