Wed, Dec 28 2005 12:03
"A good bug wasted on a malware site"
On the security listserves, there's discussion of a image vulnerablity that uses WMF files to inflect/inject malware... and one of the posters had a line about it that had me laughing ... "a good bug wasted on a malware site".
The discussion of this bug [for which at this time, there is no patch] is discussed on
And as reported by Andreas Marx, some A/V companies are already creating signatures for this.....
Dr Web Exploit.MS05-053
McAfee (BETA) Exploit-WMF trojan
Symantec (BETA) Download.Trojan
If you enable DEP to cover all programs the WMF exploit attempt will result in a warning as per www.incidents.org but folks are recommending a blended protection:
Filed under: Security
- Using up to date antivirus
- Enabling DEP
- Teaching users not to click on suspicious links
- Blocking wmf files at the border