Windows Metafile zeroday exploit
There’s more on the WMF 0-day exploit. According to F-Secure, it’s being used to distribute the following nasties:
Trojan-Downloader.Win32.Agent.abs
Trojan-Dropper.Win32.Small.zp
Trojan.Win32.Small.ga
Trojan.Win32.Small.ev
It’s also installing the wolf in sheep’s clothing: Avgold.
Sunbeltblog is reporting that the exploit is now on 50 sites. Here is a list to block.
They also speculate on potential vectors: spam in web-based mail accounts (Hotmail) and trackback blog links. It sounds as though, after getting bitten by this one, reinstalling the operating system is the best way back to running normally.
December 30th, 2005 at 9:15 pm
The Zero-Day Exploit
The new WMF exploit has been all over the news lately. Why shouldn’t it be? It’s a huge security risk! How so? For one, it exploits a feature that almost every Windows PC has: a graphics rendering engine. I’m sure that many of you know what this is and …
January 1st, 2006 at 5:51 pm
Urgent WMF exploit
What Microsoft should do about the WMF exploit: · Use automatic update to immediately unregister the shimgvw DLL. When they’ve fixed the problem, they can turn it back on. · Negotiate to use the current fix of Ilfak Guilfanov’s. Pay