Welcome to the Virus Encyclopedia of Panda Security.
ChymineLNK.A uses the vulnerability known as MS10-046 (CVE-2010-2568) to install itself on the computer. This is a Windows vulnerability that affects shortcuts and allows remote code execution.
ChymineLNK.A carries out the following actions:
Note: Microsoft has already released the security patch that fixes this vulnerability. If you have a Windows 2008/7/Vista/2003/XP computer, it is recommended that you download and apply the security patch for this vulnerability.
ChymineLNK.A creates a folder named with random numbers in the Windows system directory, for example:
The most remarkable feature of this folder is that its name ends in a dot. As a result, users cannot access the directory, because Windows is not able to handle folders whose names end in a dot. So that the folder can be accessed, it is assigned a short name, which in this case would be 1234~1.
Additionally, if users view this folder through the Windows Explorer, they are informed that the folder is empty.
This folder is not empty: it contains a hidden file, which belongs to the rootkit. The filename is .dll and it has no extension. So that this file can be accessed, it is assigned a short name, which in this case is dll~1.
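A defender's check for the artifact described above, as an added example that is not part of the original encyclopedia entry: it lists directories whose names end in a dot, marks the all-numeric ones, and shows what they really contain. The `\\?\` prefix used on Windows, the default System32 target and all function names are assumptions of this example.

```python
import os
import re
import sys

# Assumed pattern, based on the description above: a folder name made of
# digits only that ends in a dot (for example "1234.").
NUMERIC_DOT = re.compile(r"^\d+\.$")


def raw(path):
    # On Windows the \\?\ prefix passes the name to the file system without
    # Win32 normalization, which would otherwise strip the trailing dot.
    # On other systems (e.g. a mounted disk image) the path is used as is.
    path = os.path.abspath(path)
    if os.name == "nt" and not path.startswith("\\\\?\\"):
        path = "\\\\?\\" + path
    return path


def scan(root):
    """Return sorted (folder_name, is_numeric, contents) for each directory
    directly under root whose name ends in a dot."""
    findings = []
    with os.scandir(raw(root)) as entries:
        for entry in entries:
            if not entry.is_dir(follow_symlinks=False):
                continue
            if not entry.name.endswith("."):
                continue
            # Explorer reports such a folder as empty, so list it directly.
            try:
                with os.scandir(entry.path) as inner:
                    contents = sorted(e.name for e in inner)
            except OSError as exc:
                contents = ["<unreadable: %s>" % exc.strerror]
            numeric = bool(NUMERIC_DOT.match(entry.name))
            findings.append((entry.name, numeric, contents))
    return sorted(findings)


if __name__ == "__main__":
    # Default target is an assumption: the Windows system directory.
    system_root = os.environ.get("SystemRoot", r"C:\Windows")
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.join(system_root, "System32")
    for folder, numeric, contents in scan(target):
        tag = "numeric name" if numeric else "trailing dot"
        print("%s: %r contains %r" % (tag, folder, contents))
```

A folder reported with a numeric name and a non-empty listing, while Explorer shows it as empty, matches the behaviour this entry describes and warrants a closer look.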
ChymineLNK.A creates the following entries in the Windows Registry:
ChymineLNK.A reaches the computer in a shortcut which points to the remote download of the file that starts the infection. This shortcut uses the vulnerability called MS10-046 (CVE-2010-2568), which affects files with a LNK extension.
However, ChymineLNK.A does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, removable drives like pen drives, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.
ChymineLNK.A is 142,848 bytes in size.