
Downloader-CJX Cashing In on Microsoft .LNK Flaw

Monday, July 26, 2010 at 3:34pm by Guilherme Venere

As McAfee Labs predicted in a previous blog post on the Microsoft Windows Shell .LNK vulnerability, it was just a matter of time before malware started using Exploit-CVE2010-2568 to take advantage of this new Microsoft zero-day flaw, which is tracked as CVE-2010-2568.

First, there was talk about PWS-Zbot (a.k.a. Zeus) using the vulnerability in encrypted emails that contained the malicious .LNK file(s); then our research team found a new variant of Downloader-CJX that extended its previous .LNK propagation strategy using social engineering with the new Exploit-CVE2010-2568 .LNK files.

Downloader-CJX is a malware family that installs .LNK files mimicking existing Windows and user folders such as Music, Documents, or New Folder. The malware sets attributes on the real folder so that Explorer hides it, then drops a .LNK file with a folder icon in its place, so the user is lured into clicking a malicious link that looks like the legitimate folder. These .LNK files are detected as Downloader-CJX!lnk when found on an infected machine.
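The lure layout described above leaves a recognisable footprint on disk: a folder carrying the hidden attribute with a same-named .LNK file beside it. The following script, added here as an illustration and not McAfee code, scans a directory listing for that pairing. The function names, the `Entry` record and the sample listing are constructed for the example; the attribute bit values are the standard Windows ones, hard-coded so the check also runs on a non-Windows host examining a mounted image.

```python
"""Flag hidden folders that have a same-named .LNK sibling, the pattern
Downloader-CJX uses to replace Music/Documents/New Folder with a shortcut."""
import os
from typing import Dict, Iterable, List, NamedTuple

# Standard Windows file attribute bits (hard-coded so the logic is portable).
FILE_ATTRIBUTE_HIDDEN = 0x2
FILE_ATTRIBUTE_SYSTEM = 0x4


class Entry(NamedTuple):
    name: str         # file or directory name as listed
    is_dir: bool
    attributes: int   # Windows attribute bitmask (0 if unknown)


def find_folder_mimics(entries: Iterable[Entry]) -> List[Dict]:
    """Return one finding per .lnk whose same-named folder is hidden.

    A shortcut next to a *visible* folder of the same name is not reported:
    only the hidden-folder + shortcut pairing matches the lure described."""
    entries = list(entries)
    dirs = {e.name.lower(): e for e in entries if e.is_dir}
    findings = []
    for e in entries:
        if e.is_dir or not e.name.lower().endswith(".lnk"):
            continue
        real = dirs.get(e.name[:-4].lower())   # strip ".lnk", match folder
        if real is None or not (real.attributes & FILE_ATTRIBUTE_HIDDEN):
            continue
        findings.append({
            "lnk": e.name,
            "hidden_folder": real.name,
            "system_attr": bool(real.attributes & FILE_ATTRIBUTE_SYSTEM),
        })
    return findings


def entries_from_directory(path: str) -> List[Entry]:
    """Build Entry records from a live directory.

    st_file_attributes exists only on Windows; elsewhere attributes read as 0,
    so on a non-Windows host feed attributes from your own image parser."""
    out = []
    with os.scandir(path) as it:
        for d in it:
            st = d.stat(follow_symlinks=False)
            out.append(Entry(d.name, d.is_dir(follow_symlinks=False),
                             getattr(st, "st_file_attributes", 0)))
    return out


# Constructed sample listing modelled on the lure in the post: the real
# Documents and New Folder directories hidden, shortcuts dropped beside them.
SAMPLE_LISTING = [
    Entry("Documents", True, FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM),
    Entry("Documents.lnk", False, 0),
    Entry("Music", True, 0),            # visible folder: benign
    Entry("Music.lnk", False, 0),       # ordinary shortcut: not reported
    Entry("New Folder", True, FILE_ATTRIBUTE_HIDDEN),
    Entry("New Folder.lnk", False, 0),
    Entry("report.docx", False, 0),
]

if __name__ == "__main__":
    for f in find_folder_mimics(SAMPLE_LISTING):
        print(f"suspicious: {f['lnk']} shadows hidden folder {f['hidden_folder']}")
```

Run `find_folder_mimics(entries_from_directory(r"C:\Users\someone"))` on a Windows host to check a real profile; on the constructed listing it reports Documents.lnk and New Folder.lnk but leaves the Music shortcut alone, since that folder is still visible.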

The new variant drops additional files on infected systems:

[Image: Downloader-CJX.gen.g files]

The file x.exe is another copy of Downloader-CJX that in turn drops xxx.dll, a DLL component of Downloader-CJX.

The additional .LNK files exploit the CVE-2010-2568 vulnerability, so the DLL is loaded as soon as a user browses the folder containing them; no click on the shortcut is required.

These .LNK files are already detected as Exploit-CVE-2010-2568 and the new Downloader-CJX variant as Downloader-CJX.gen.g.

We offer you yet another reminder to keep your anti-malware software updated with the latest DATs, because the bad guys are always updating their software, too.


Comments (3)

  • netlab March 17, 2011 10:49AM

    Good Day,

    I’m also experiencing this problem and the latest DAT files are not helping at all in the prevention of this virus. A speedy solution to this problem is badly needed, as this is a very annoying virus.

    netlab

  • Frank Collin September 29, 2010 12:09AM

    McAfee Stinger version 10.1.0.1056, build of 24 September 2010.
    The following error message:
    Standalone anti-virus scanner for certain viruses, is een fout opgetreden en moet worden afgesloten. Onze excuses voor het ongemak.
    U was bezig met een bewerking. Deze gegevens zijn mogelijk verloren gegaan.
    Fout opsporen Sluite

  • jeff July 27, 2010 10:58AM

    This explains what the virus is… but no way to resolve it!? Come on guys!