Antivirus vs. WMF exploit
There are a number of references out today to a December 31st article (on a study by AV-Test) about how well antivirus products were keeping up with the shifting signatures of the WMF exploits. There was a list of about 12 products that were at 100% detection. Unfortunately, the important point is that the original article was from December 31st. I don’t know if there are new variations in the wild, but I DO know that the Metasploit module has changed and currently seems to evade detection from ClamAV. (Although ClamAV has caught up to the most recent batch of the exploit.)
The Kaspersky antivirus blog, Viruslist, is talking about the new variations and the signature approaches they’ve used to try to detect other variations (some not seen in the wild) of the exploit.
It is painfully easy to create new copies of an exploit such as this. That is how I’ve tested it against Windows 98 and Windows XP virtual machines. Hopefully the antivirus companies will catch up and get good signatures to detect the exploit even with the newer obfuscation techniques that have come out in the last day or so. The bottom line is, don’t rely on antivirus alone to protect against these exploits.