More testing on the second WMF exploit



After my Windows 98 tests, which failed to exploit the system with either the first or the second vulnerability, I started wondering how well the antivirus companies were doing in detecting this second exploit variation. I had set up and updated Metasploit so I could test my Windows 98 SE install against the latest version of the exploit, and with each connection to the locally hosted page I got a new random file. After I collected five of these I ran them through virustotal.com to see how far detection has come in just 24 hours.


Unfortunately, I don’t think things have improved much in the way of detection since this time yesterday. There was only one antivirus program to raise a red flag at each file: “TheHacker 5.9.2.066 01.01.2006 Exploit/WMF”. For two of the files this was the only scanning engine to detect it as malware. The other three were a bit more widely detected (McAfee and Bitdefender, then Symantec did fairly well).

Unfortunately, due to the pseudo-random nature of this second exploit, antivirus software will likely be hard pressed to come up with good ways to detect it, but TheHacker, from http://www.hacksoft.com.pe/ (based in Peru), has done a good job at this point of dealing with the task.

As I was finishing up the article, I thought I’d throw one more at virustotal, and for the last one, only Symantec and TheHacker detected it…. Again, good job Hacksoft.
