Windows Zero-day Vulnerability

Hi!

Just a short question: Is Avast 5 able to prevent the new zero-day exploit? Are there any definitions out yet? Or is it impossible to block such attacks generally because no special file has to be executed?

More information:
http://www.f-secure.com/weblog/archives/00001989.html
http://www.h-online.com/security/news/item/Exploit-demonstrates-critical-Windows-lnk-vulnerability-1040285.html

Best regards

Yes, the exploit is detected and blocked.

Lots of thanks for your fast reply, igor!

Well done, keep up the good work.

Best regards

How is it blocked? Filescanner or behavior shield?
Are morphed variants also detected or do the patterns have to match exactly?

So, are we safe against unknown yet to be released variants?
Does Avast Community IQ come into play here?

avast! was so far known to always cover all possible variants from day 1. So it’s safe to assume they do here as well.

I don’t rely on assumptions, but on facts, so I always like to hear it from the horse’s mouth in technical detail :wink:

An ordinary detection, i.e. file scanner / mail scanner / web shield / …

Well, some patterns always have to be matched - otherwise the exploit wouldn’t work at all :wink:
But yes, even currently unseen variants are detected.

Nobody can say that, of course - it’s impossible to say what modifications appear in the future.

Partially yes. The thing is that this whole “vulnerability” is not really a bug - but rather a feature. Some users have basically the same non-malicious link files on their disks; some printer/modem installers create them. So, we use the community submissions to (silently) check for false alarms before making the detection too general (i.e. covering more than we really want).

Thanks igor for the reply! Fully satisfied!

If anyone wants to protect their PCs against unknown new variants of the exploit until Microsoft releases a fix,
some AV vendors have released a tool that checks lnk-files for the exploit.

http://www.sophos.com/products/free-tools/sophos-windows-shortcut-exploit-protection-tool.html
(This tool ignores files on the local hard disk. So not really useful…)

or

http://www.gdatasoftware.co.uk/support/downloads/tools.html