Workaround for zeroday WMF exploit

Wednesday, December 28th, 2005

It’s worth repeating a few things here. There is a nasty exploit in the way that WMF images are parsed in Windows. This means that WITHOUT user intervention a system can be remotely exploited and through that exploit various software (spyware, viruses, other malware) can be installed. There is no patch at this moment, I […]

More on the Windows WMF zero-day exploit

Wednesday, December 28th, 2005

There seems to be quite a bit developing on the Windows Meta File (WMF) zero-day (0-day) exploit which was first reported yesterday. SANS has raised their alert level to yellow in an effort to get attention to this problem. It looks like the original site serving the exploit is down, but now it’s being served […]

Disinfecting a PC… part 6

Monday, December 19th, 2005

OK, it’s BHOdemon time… installed from CD and on starting: BHOdemon bhotb-all.html not found, no web connection, downloading on other machine. Finally got it to work by copying from another machine. But I had to change Windows ME to show full filenames to help troubleshoot why it couldn’t find the file (naming problem). (There seems […]

Disinfecting a PC… part 1

Wednesday, December 14th, 2005

This is the first in a several-part series documenting the cleaning of an infected PC. The only real noteworthy item is that it was a dial-up only connection and was rather infested for that. (On par with some of the broadband-connected PCs I’ve seen. It’s also an interesting counterpoint to the network security […]

Update on Internet Explorer Zero Day exploit

Thursday, August 18th, 2005

Yesterday I mentioned a SANS report on a possible zero day exploit against Internet Explorer. Today they have more details in the handlers diary. Among other things SANS has issued a patch for it.