Antivirus vs. WMF exploit



There are a number of references out today to a December 31st article (on a study by av-test) about how well antivirus products were keeping up with the shifting signatures of the WMF exploits. There was a list of about 12 products that were at 100% detection. Unfortunately, the important point is that the original article was December 31st. I don’t know if there are new variations in the wild, but I DO know that the metasploit module has changed and currently seems to evade detection from Clamav. (Although clamav has caught up to the most recent batch of the exploit.)


The Kaspersky antivirus blog viruslist is talking about the new variations and the signature approaches they’ve used to try to detect other variations (some not seen in the wild) of the exploit.

It is painfully easy to create new copies of an exploit such as this. That is how I’ve tested it against Windows 98 and Windows XP virtual machines. Hopefully the antivirus companies will catch up and get good signatures to detect the exploit even with the newer obfustication techniques that have come out in the last day or so. The bottom line is, don’t rely on antivirus alone to protect against these exploits.

Related Posts

Blog Traffic Exchange Related Posts
  • More testing on the second WMF exploit After my Windows 98 tests which failed to exploit the system with either the first or the second vulnerability, I started wondering how well the antivirus companies were doing in detecting this second exploit variation. I had setup and updated metasploit so I could test my Windows 98 SE install......
  • Version 2 of the WMF exploit vs Windows 98 SE Ok, I wasn't quite satisfied with the results of the tests against the first version of the WMF (Windows Metafile) zero day exploit that's now up to 4 or 5 days or so... Windows 98 is listed as being vulnerable, but there are no patches or workarounds currently available for......
  • WMF exploit situation summary... Since there's been quite a bit of flux the last couple of days I thought I'd try to "reset" the situation and give a general overview of where we stand now with regards to the recent WMF zero-day exploit. 1st there is a vulnerability in the way Windows renders WMF......
Blog Traffic Exchange Related Websites
  • Information Security Definitions - Zero Day Attack (0 Zero Attack) A zero-day attack or threat is a computer threat that tries to exploit unknown, undisclosed or unpatched computer application vulnerabilities. The term Zero Day is also used to describe unknown or Zero day viruses. Zero-day exploits are released before the vendor patch is released to the public. Zero-day exploits generally......
  • Using Article Marketing for a Blog One of the most popular things on the Internet today is blogging. In fact, if you notice the trends over the past few years, bloggers have gotten a bit of notoriety and attention even in the news. Bloggers are becoming quite an influential group in the news category and for......
  • Malware found in Lenovo software package Hii, I just got the news. Computer maker Lenovo is shipping a malware-infected software package to Windows XP users, according to warning from anti-virus researchers at Microsoft. The malicious file was identified by Microsoft as Win32/Meredrop, a Trojan dropper that is used to install and execute multiple malicious executables on......
en.pdf24.org    Send article as PDF   

Similar Posts


See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.


Switch to our mobile site