Windows Metafile zeroday exploit



There’s more on the WMF 0-day exploit… According to f-secure it’s being used to distribute the following nasties….

Trojan-Downloader.Win32.Agent.abs
Trojan-Dropper.Win32.Small.zp
Trojan.Win32.Small.ga
Trojan.Win32.Small.ev.


It’s also installing the wolf in sheeps clothing… Avgold.

Sunbeltblog is reporting that the exploit is now on 50 sites…. Here is a list to block….

m.cpa4 [dot] org
008k [dot] com
mscracks [dot] com
keygen [dot] us
dailyfreepics [dot] us
pornsites-reviews [dot] com
mmxo.megaman-network [dot]
com
600pics [dot] com
Crackz [dot] ws
unionseek [dot] com
www.tfcco
[dot] com
Iframeurl [dot] biz
beehappyy [dot] biz
Buytoolbar [dot] biz
teens7 [dot] com

They also speculate on potential vectors in web-based mail accounts spam (hotmail) and trackback blog links. It sounds as though after getting bit by this one, reinstalling the operating system is the best way back to running normally.

Related Posts

Blog Traffic Exchange Related Posts
  • WMF exploit virus detection revisited Yesterday, when I was testing the WMF exploit against a Windows 98 virtual machine, I sent samples through virus total and the only antivirus product to detect each of them was "TheHacker" from hacksoft. This evening I was revisiting the exploit (with the new rule for metasploit) and saved 20......
  • Disinfecting a PC… part 6 Ok, it's BHOdemon time... installed from cd and on starting: BHOdemon bhotb-all.html not found, no web connection downloading on other machine. Finally get it to work copying from another machine. But I had to change the Windows ME to show full filenames to help troubleshoot why it couldn't find the......
  • The connection between Spam and Viruses After comparing MANY of these delivery failures (a fraction of what has gone out with my domain name forged I'm afraid...) They are all advertising essentially the same site (sometimes different gateways to it, but I've traced it all back to a close group of domains that have been unresponsive......
Blog Traffic Exchange Related Websites
  • Should I Panic When I See a Windows Registry Error? Windows registry errors are pretty common in this day and age, and this is because most of the computer users in the world today are pretty negligent when it comes to maintaining their computer, least of all a tiny file that sits in the core of the Operating System. The......
  • How to Obtain Your Free (Government Mandated) Credit Report What is a credit report and what does it contain? Back in the day, when you applied for credit you would list all of your creditors on the application. The bank or whomever was deciding whether or not to extend you a line of credit would then call all your......
  • Permalink Structure without Dates The structure behind WordPress is generous enough to allow for built in SEO advantages which come with building pages that static web page building and other blogging software cannot afford you. By using WordPress, you already have an advantage over bloggers, but only as long as you are willing to......
PDF24    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

2 Responses to “Windows Metafile zeroday exploit”

  1. Spyware Informer Says:


    The Zero-Day Exploit

    The new WMF exploit been all over the news lately. Why shouldn’t it be? It’s a huge security risk! How so? For one, it exploits a feature that almost every Windows PC has: a graphics rendering engine. I’m sure that many of you know what this is and …

  2. Polarman Says:


    Urgent WMF exploit

    What Microsoft should do about the WMF exploit: · Use automatic update to immediately unregister the shimgvw DLL. When they’ve fixed the problem, they can turn it back on. · Negotiate to use the current fix of Ilfak Guilfanov’s. Pay


Switch to our mobile site