New Delhi: IT security firm Kaspersky Cyber security firm Kaspersky Wednesday claimed it has detected an old, widely known vulnerability that was used in a cyber attack to sabotage
Iran`s nuclear programme in some versions of Windows platform across 19 million computers, including in India.
"Kaspersky Lab detection systems are still registering tens of millions of detections of CVE-2010-2568 exploits. Over the study period, more than 50 million detections on more than 19 million computers worldwide were recorded," Kaspersky said in its Security Network Report.
In autumn 2010, Microsoft has released a security update to patch (fix) this vulnerability.
The report said that the malware to sabotage Iran`s nuclear programme used an "exploit" (loophole) for the CVE-2010-2568 vulnerability.
"It is an error in processing tags in Windows OS enabling the download of the random dynamic library without the user`s awareness. The vulnerability affected Windows XP, Vista, and Windows 7 as well as Windows Server 2003 and 2008," Kaspersky report said.
The security firm`s research has found India is among top three countries, followed by Vietnam and Algeria, where most of the computer systems have this vulnerability.
"Vietnam (42.45 per cent), India (11.7 per cent) and Algeria (5.52 per cent) are among the leaders for the number of Kaspersky Lab detections of one of the most dangerous Windows vulnerabilities currently known," the report said.
The loophole provides an opportunity for cyber attackers to load its malware through this vulnerability without users knowledge and manipulate computer systems as desired by cyber criminals.
It has been reportedly said that US surveillance agency NSA has been using these exploits from snooping purposes.
Kaspersky said that a lion`s share of detections (64.19 per cent), registered over the last eight months involved Windows XP, for which the Microsoft has completely ended support, and 27.99 per cent were on Windows 7.
As per the report, out of these 65 per cent XP users, about 27 per cent are in India.
The lab analysed only systems on which its cyber security products are used.