Microsoft released an out-of-band update to address CVE-2010-2568 (KB2286198). “Microsoft MMPC, along with other Microsoft Active Protection Program partners, have been keeping a close watch on .LNK files exploiting this vulnerability. As with many new attack techniques, copycat attackers can act quickly to integrate new techniques. Although there’ve been multiple families that’ve picked up this vector, one in particular caught our attention this week – a family named Sality, and specifically Sality.AT. Sality is a highly virulent strain. It’s known to infect other files (making full removal after infection challenging), copy itself to removable media, disable security, and then download other malware. It’s also a very large family—one of the most prevalent families this year,” Microsoft said.
Signatures are available for customers of Microsoft Security Essentials, Forefront Client Security, Windows Live OneCare, the Forefront Threat Management Gateway, and the Windows Live Safety Platform.