VirusLNK/CVE_2010_2568.0B0B!exploit
Analysis
LNK/CVE_2010_2568.0B0B!exploit is a generic detection for an exploit.
Since this is a generic detection, malware that are detected as LNK/CVE_2010_2568.0B0B!exploit may have varying behaviour.
Below are some of its observed characteristics/behaviours:
- This malware is related to the CVE-2010-2568 vulnerability. It exploits the vulnerability in the Windows Shell by utilizing a crafted .lnk or .pif shorcut file to execute arbitrary code.
- This malware has been associated with the following third party article/advisory.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2568 https://nvd.nist.gov/vuln/detail/CVE-2010-2568
- Md5: a98df685d919396894e2d9dde09a0b0b
Sha256: 925fd74663ffe85ae42a190c4ce33dea674338bf820f83f5baa9f0cba8b2f41b - Md5: 11e245e70cd9f1c97fae6d5cc104bcf2
Sha256: b65a4e75c897275ee09e46fae6f968ea838183fc1f1de27319afca49eabea9cd - Md5: 224f60291b979c1044b69e969b9fd10a
Sha256: 44895948ff755f37d318fa5b62aabb9e4465b5f97ae9c5e7437d5600bbb95fcc - Md5: 9d24aba186775e1285f7a701beca7fd7
Sha256: cc20fb3f2f270bfaa62fe668be832e5862769f094e3430f449395198c1e350a4 - Md5: caba42cf0f4b549af3eeb394df1db9b9
Sha256: 70e1c75dd8651001aedf6483a368d65e967085e63771bec771f7c31f2833de65
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
| FortiGate | |
|---|---|
| FortiClient | |
| FortiAPS | |
| FortiAPU | |
| FortiMail | |
| FortiSandbox | |
| FortiWeb | |
| Web Application Firewall | |
| FortiIsolator | |
| FortiDeceptor | |
| FortiEDR |