![[Malware]](http://www.geekcourt.com/wp-content/uploads/2010/07/malware_1.png "[Malware]")
It seems that the fight with the Stuxnet worm isn’t over as new variants of the worm were discovered and reported by the ESET blog.
The post by Pierre-Marc Bureau goes on to say:
“We have identified a new family that exploits this unpatched vulnerability in order to spread, which we have labelled Win32/TrojanDownloader.Chymine.A. At the time of analysis, this threat downloads and install a key stroke logger which we detect as Win32/Spy.Agent.NSO trojan. The server used to deliver the components used in this attack is presently located in the US, but the IP is assigned to a customer in China.
Minutes after identifying this new attack, we observed a known threat, Win32/Autorun.VB.RP, which has been updated to include the CVE-2010-2568 exploit as a new propagation vector. Win32/Autorun.VB.RP seems to download and install additional components on infected machines.”
While Microsoft has yet to release an official patch to address the problem, it has released a workaround solution on its support site. The workaround will disable .LNK and .PIF file functionality on most Windows machines. Microsoft also offers an undo option for the workaround should users change their minds after implementation.
Leave a Reply: