Microsoft added detection for two new malware families using the vulnerability discussed in “SA2286198”:
“First, V(isual Basic) + obfuscated = Vobfus has been using shortcut files as a social engineering technique to get users to run its code. However, these shortcut files “didn’t” automatically run. Vobfus also drops an autorun.inf file to run its copy in the drive if Autorun is enabled. New samples of Vobfus.H drop a specially crafted, malicious shortcut file that exploits SA2286198. We detect these malicious links as Exploit:Win32/CplLnk.B, the same detection as some of the shortcut files associated with the vulnerability exploited by the Stuxnet family. Another new malware, Chymine, or Trojan:Win32/Chymine.A, launches by a malicious shortcut detected as Exploit:Win32/CplLnk.A. It drops another trojan, TrojanSpy:Win32/Chymine.A, which logs user keystrokes and downloads other malware,” revealed the MMPC blog.