A software vulnerability exploited by cyberweapons including Stuxnet and Flame is still being used to attack millions of users around the world four years after it was patched, a Kaspersky analysis has suggested.
The firm’s analysis looked at detections of malware trying its luck against CVE 2010-2658, an important flaw discovered to be affecting Windows XP, Vista, Windows 7, Server 2002 and Server 2008 in July 2010, and whose popularity remains strangely undimmed among cybercriminals, Techworld reported.
Between November 2013 and June 2014, Kaspersky Lab detected 19 million systems encountering malware that appeared to be using exploits targeting it, 64 percent of which were running Windows XP.
The top country registering these exploits was Vietnam (42.4 percent), India (11.7 percent), Indonesia (9.4 percent), Brazil (5.5 percent) and Algeria (3.7 percent), with a clutch of other developing countries also showing high levels of XP use featuring on the list.
CVE 2010-2658 was first noticed in the Sality worm and Stuxnet attacks in 2010, and was eventually patched by Microsoft in early August. As it happens, the persistence of this flaw is probably explained by Sality, detections of which seem to coincide closely with its activity.
Conclusions? Kaspersky Lab is cagey about how many real-world attacks these ‘detections’ translate into (the exploit created malicious shortcuts that can in theory be created by other malware) but it does implies a large number of machines are probably vulnerable to it despite the widespread availability of a patch.
Many of these systems also run Windows XP and may never be properly patched against a range of known software flaws.
“Kaspersky Lab’s experts presume that most of these stem from poorly maintained servers without regular updates or a security solution installed. These servers may also be inhabited by worms that use malware exploiting this vulnerability,” said Kaspersky Lab researcher, Yuri Ilyin.
But according to Tim Erlin, security R&D director at security firm Tripwire, the figures may be an underestimate of the true scale of the problem.
“Kaspersky is only seeing part of the picture here. As a malware detection product, they have recorded and measured ‘detections of exploits’ rather than the vulnerability itself,” he said.
“They can infer from the exploit activity that the vulnerability is present, but there may be many more systems that are vulnerable, but not yet being exploited.”
Although impossible to prove, it seemed likely that the large number of detections in certain countries was related to the number of unpatched systems, he said.
GMT 16:03 2018 Wednesday ,28 November
Executive Office of Arab Ministers of Communications starts in CairoGMT 09:09 2018 Thursday ,15 November
Syria, Iran discuss enhancing scientific cooperationGMT 09:53 2018 Wednesday ,07 November
Drones bring innovation to Africa, from Morocco to MalawiGMT 11:31 2018 Wednesday ,17 October
Japan high-tech fair CEATEC opens in ChibaGMT 14:03 2018 Monday ,08 October
American scientists awarded 2018 Prize in Economic SciencesGMT 07:35 2018 Monday ,08 October
First foreign space agency opens in Abu DhabiGMT 10:47 2018 Sunday ,07 October
Bahrain hosts World Robotics Olympiad2018GMT 09:20 2018 Thursday ,04 October
UAE participates in World Space WeekMaintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©
Maintained and developed by Arabs Today Group SAL.
All rights reserved to Arab Today Media Group 2021 ©
Send your comments
Your comment as a visitor