Antivirus vs. WMF exploit



There are a number of references out today to a December 31st article (on a study by av-test) about how well antivirus products were keeping up with the shifting signatures of the WMF exploits. There was a list of about 12 products that were at 100% detection. Unfortunately, the important point is that the original article was December 31st. I don’t know if there are new variations in the wild, but I DO know that the Metasploit module has changed and currently seems to evade detection from ClamAV. (Although ClamAV has caught up to the most recent batch of the exploit.)


Kaspersky’s antivirus blog, Viruslist, is talking about the new variations and the signature approaches they’ve used to try to detect other variations (some not seen in the wild) of the exploit.

It is painfully easy to create new copies of an exploit such as this. That is how I’ve tested it against Windows 98 and Windows XP virtual machines. Hopefully the antivirus companies will catch up and get good signatures to detect the exploit even with the newer obfuscation techniques that have come out in the last day or so. The bottom line is, don’t rely on antivirus alone to protect against these exploits.
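Byte-pattern signatures are what the obfuscated variants above keep slipping past; a structural check that walks the metafile record by record does not care about padding or reordering. The following is an added example, not code from the original post: it parses a WMF file and reports any Escape record whose sub-function is SETABORTPROC (the record the WMF exploit relies on, a detail this post does not spell out). The test files are constructed inline and are not real samples.

```python
import struct

META_ESCAPE = 0x0626      # record function: GDI Escape
META_EOF = 0x0000         # end-of-metafile record
SETABORTPROC = 0x0009     # escape sub-function the exploit abuses
PLACEABLE_MAGIC = 0x9AC6CDD7

def iter_wmf_records(data: bytes):
    """Yield (offset, function, params) for every record, walking by record length
    rather than by byte pattern, so padding or reordering of records does not matter."""
    pos = 22 if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC else 0
    if len(data) < pos + 18:
        raise ValueError("truncated WMF header")
    header_words = struct.unpack_from("<H", data, pos + 2)[0]
    pos += header_words * 2          # header size is in 16-bit words (normally 9)
    while pos + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, pos)
        if size_words < 3:           # a record is at least Size + Function
            raise ValueError(f"bad record size at offset {pos}")
        end = min(pos + size_words * 2, len(data))   # tolerate a truncated last record
        yield pos, func, data[pos + 6:end]
        if func == META_EOF:
            break
        pos = end

def find_abortproc_escapes(data: bytes) -> list[int]:
    """Return file offsets of META_ESCAPE records whose sub-function is SETABORTPROC."""
    hits = []
    for off, func, params in iter_wmf_records(data):
        if func == META_ESCAPE and len(params) >= 4:
            escape_func, _byte_count = struct.unpack_from("<HH", params, 0)
            if escape_func == SETABORTPROC:
                hits.append(off)
    return hits

# --- constructed test fixtures (hypothetical, not real samples) ---
def _record(func: int, params: bytes) -> bytes:
    return struct.pack("<IH", 3 + len(params) // 2, func) + params

def build_wmf(records: bytes) -> bytes:
    """Minimal standard WMF header (type 1, 9-word header, version 0x300) plus records."""
    return struct.pack("<HHHIHIH", 1, 9, 0x0300, 9 + len(records) // 2, 0, 0, 0) + records

BENIGN = build_wmf(_record(0x0102, b"\x00\x00") + _record(META_EOF, b""))   # SetBkMode + EOF
SUSPECT = build_wmf(_record(0x0102, b"\x00\x00")
                    + _record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 4) + b"\x00" * 4)
                    + _record(META_EOF, b""))

if __name__ == "__main__":
    print("benign:", find_abortproc_escapes(BENIGN))     # []
    print("suspect:", find_abortproc_escapes(SUSPECT))   # [26]
```

Because the check keys on record structure rather than on bytes, it also survives the placeable-header and padding tricks that defeat a fixed signature, though it will of course miss anything that is not a SETABORTPROC escape.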
