Attackers had their eyes fixed on the Windows .LNK shortcut vulnerability in August, accounting for three entries on Kaspersky Lab’s list of the top 20 most prolific malicious programs during the month.
Reports of the vulnerability first became public in July, with the revelation of the Stuxnet worm. Two of the three pieces of malware directly exploit the flaw, while the third is a Trojan dropper that uses it to propagate and install the latest version of the Sality virus. Though Microsoft patched the vulnerability Aug. 2, the three pieces of malware ended up ranking ninth, 12th and 17th.
“Curiously, both the exploits for CVE-2010-2568 [the Windows shortcut issue] which are included in the ranking are often found in Russia, India and Brazil,” blogged Kaspersky senior virus analyst Vyacheslav Zakorzhevsky. “While India is the primary source of the Stuxnet worm (the first malicious program to target this vulnerability), it is not entirely clear what role Russia plays.”
Kaspersky also found the Conficker worm continuing to proliferate, with its various variants holding three of the top four positions on the vendor’s malicious program list.