More testing on the second WMF exploit



After my Windows 98 tests, which failed to exploit the system with either the first or the second vulnerability, I started wondering how well the antivirus companies were doing in detecting this second exploit variation. I had set up and updated Metasploit so I could test my Windows 98 SE install against the latest version of the exploit, and with each connection to the locally hosted page I got a new random file. After I collected five of these I ran them through virustotal.com to see how far detection has come in just 24 hours.


Unfortunately I don’t think things have improved much in the way of detection since this time yesterday. There was only one antivirus program to raise a red flag at each file: “TheHacker 5.9.2.066 01.01.2006 Exploit/WMF”. For two of the files this was the only scanning engine to detect it as malware. The other three were a bit more widely detected (McAfee and Bitdefender, then Symantec did fairly well).

Unfortunately, due to the pseudo-random nature of this second exploit, antivirus software will likely be hard pressed to come up with good ways to detect it, but TheHacker, from http://www.hacksoft.com.pe/ (based in Peru), has done a good job at this point of dealing with the task.

As I was finishing up the article, I thought I’d throw one more at virustotal, and for the last one only Symantec and TheHacker detected it… again, good job Hacksoft.
