Will Dormann on Nostr: More than 2 months after Elastic Security Labs has described LNK Stomping (and many ...
More than 2 months after Elastic Security Labs has described LNK Stomping (and many years after the exploits have been seen in the wild), the LNK that pops calc.exe still has zero detections on VirusTotal.
https://www.virustotal.com/gui/file/a688c1f260fefd4cb071d268dde451fd36a7b43a92d8ee1bc5c415174f61c2d5
Maybe because it's "just" calc.exe, AV is ignoring it? How about a CVE-2024-38217 exploit LNK with a payload that runs code from a remote server?
That gets 2 whole hits out of 64 on VT.
https://www.virustotal.com/gui/file/0f3fe93c037a07d9301abfa581ad42da8c96dfd6e189c02af75533a3e320c468?nocache=1
Either way you look at it, none of the engines on VT are detecting this technique of exploiting CVE-2024-38217. While plenty of AV-related security products claim to detect exploits for vulnerabilities, it'd be good to have a healthy amount of skepticism for what the products actually do.