WMF zero-day exploit first hand experience



Well, I’ve just spent the better part of 6 hours (maybe a bit more) “sacrificing” a virtual machine to the zero-day Windows Meta File (WMF) exploit and all the malware that comes in. I picked one site from the sunbeltblog list to infect the virtual machine with and can attest to it being quite nasty. I was able to get the virtual machine *mostly* clean. I still haven’t gone back over it to try and make sure, but I’ll be posting some details from the “fun” tomorrow.


It’s too late now to spend too much time documenting what I had to do to clean things up. I essentially hit the exploit site and got the red circle icon in the system tray with a white x that I’ve seen screenshots of. (In fact I had 4 instances loaded….) I saw at least one trick I haven’t run into first hand before.

It’s worth saying: if a system has been trojaned, the best bet to make sure that it’s clean is to re-image it. When cleaning a system, it is possible to miss files and leave something that the attacker(s) can use to re-enter the system, and the fun begins again. I’ll try to pass along some details tomorrow. I’ve collected a few files I want to run through VirusTotal because ClamAV doesn’t seem to find anything wrong with them.

One Response to “WMF zero-day exploit first hand experience”

  1. The PC Doctor Says:


    More on the Windows Meta File exploit

    Here are a few more interesting and useful links about the Windows Meta File exploit recently discovered in Windows.
    First is an advisory from Microsoft – Security Advisory (912840) Vulnerability in Graphics Rendering Engine Could Allow Remote Code E…

