Wed, Dec 28 2005 12:03
bradley
"A good bug wasted on a malware site"
On the security listservs, there's discussion of an image vulnerability that uses WMF files to infect/inject malware... and one of the posters had a line about it that had me laughing... "a good bug wasted on a malware site".
This bug [for which, at this time, there is no patch] is discussed at:
http://www.f-secure.com/weblog/archives/archive-122005.html#00000752
http://isc.sans.org/diary.php?storyid=972
http://www.heise.de/newsticker/meldung/67794
And as reported by Andreas Marx, some A/V companies are already creating signatures for this:
- AntiVir: TR/Dldr.WMF.Small
- Dr Web: Exploit.MS05-053
- F-Secure: Exploit.Win32.Agent.r
- Fortinet: W32/WMF-exploit
- Kaspersky: Exploit.Win32.Agent.r
- McAfee (BETA): Exploit-WMF trojan
- Symantec (BETA): Download.Trojan
If you enable DEP to cover all programs, the WMF exploit attempt will result in a warning, as per www.incidents.org, but folks are recommending a blended protection:
- Using up to date antivirus
- Enabling DEP
- Teaching users not to click on suspicious links
- Blocking wmf files at the border
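For the last item, a filter that matches only on the `.wmf` extension misses a metafile delivered under another name, so a border check can also look at the file header. The sketch below is an added example, not code from any of the linked sources; the function names and sample bytes are constructed for illustration, and the header layout is the standard WMF one (optional 22-byte placeable header, then an 18-byte metafile header).

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7               # magic of the optional placeable header
PLACEABLE_LEN = 22                       # size of that header in bytes
META_HEADER = struct.Struct("<HHHIHIH")  # 18-byte standard metafile header


def looks_like_wmf(data: bytes) -> bool:
    """Return True if the buffer starts with a plausible WMF header."""
    offset = 0
    # A placeable WMF puts a 22-byte header before the standard one.
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        offset = PLACEABLE_LEN
    if len(data) < offset + META_HEADER.size:
        return False
    file_type, header_words, version = META_HEADER.unpack_from(data, offset)[:3]
    # Type is 1 (memory) or 2 (disk), the header is 9 words long,
    # and the version field is 0x0100 or 0x0300.
    return (file_type in (1, 2) and header_words == 9
            and version in (0x0100, 0x0300))


def should_block(filename: str, data: bytes) -> bool:
    """Hypothetical gateway policy: block on extension or on content."""
    return filename.lower().endswith(".wmf") or looks_like_wmf(data)


# Constructed samples (not real captures): an empty metafile, the same
# metafile with a placeable header (checksum left as 0), and a JPEG stub.
SAMPLE_WMF = (META_HEADER.pack(1, 9, 0x0300, 12, 0, 3, 0)
              + struct.pack("<IH", 3, 0))          # META_EOF record
SAMPLE_PLACEABLE = (struct.pack("<IHhhhhHIH", PLACEABLE_KEY, 0,
                                0, 0, 100, 100, 1440, 0, 0) + SAMPLE_WMF)
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in [("card.wmf", SAMPLE_WMF), ("card.jpg", SAMPLE_WMF),
                       ("logo.gif", SAMPLE_PLACEABLE), ("photo.jpg", SAMPLE_JPEG)]:
        print(f"{name}: {'BLOCK' if should_block(name, blob) else 'allow'}")
```
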