Free Microsoft Security Tool Tackles Malware Targeting Windows .LNK 0-Day

Microsoft has updated a free tool it is offering Windows users enabling them to identify and remove infections produced by a specific list of malware in order to tackle some malicious code samples that have become associated with exploits for a recently patched Windows Critical zero-day vulnerability.

A new version of the Malicious Software Removal Tool is now available for download from the Redmond company.

The malware tackled by the latest release of MSRT has already been used by attackers in the wild in exploits targeting the now notorious Windows .LNK security flaw.
“Threats like Stuxnet, Vobfus, and Sality (…) have incorporated the use of the CVE-2010-2568 vulnerability fixed by the MS10-046 bulletin,” revealed Scott Wu, from the Microsoft Malware Protection Center.

“It’s clear that an increasing number of malware families are incorporating this vulnerability. Today’s MSRT release represents another step Microsoft is taking to cleanse the ecosystem of this infection vector,” Wu added.

The latest version of the Malicious Software Removal Tool has been released through Windows Update, but users can also get the tool as a standalone download. MSRT has always been available through the Microsoft Download Center, and the August 2010 update is no exception to this rule.

“We highly encourage our readers to apply all security updates to protect themselves from this and other vulnerabilities,” Wu recommended. 


 At the start of August 2010, the Redmond company released an out-of-band patch resolving the .LNK vulnerability. Not only was the security flaw Critical in itself but it was also being actively exploited in the wild.

“One of the threats using this vulnerability that we recently discussed is Sality. It is a virus (a.k.a file infector) and has the potential to infect many files on your computer, making the disinfection tricky and time consuming, since in many cases it must repair, not simply delete, the troubled files. Recall that MSRT is a “cleanup” tool. It does not provide Real-time protection,” Wu said.

Microsoft also provided a list with the specific malware samples tackled by MSRT following the August 2010 update:

Win32/StuxnetWin32/CplLnk Worm:Win32/Vobfus.gen!A Worm:Win32/Vobfus.gen!B Worm:Win32/Vobfus.gen!C Worm:Win32/Vobfus!dll Worm:Win32/Sality.AU Virus:Win32/Sality.AU TrojanDropper:Win32/Sality.AU 


The Malicious Software Removal Tool is available for download here.

Microsoft Security Essentials is available for download
here.


Source