By Elinor Mills
Posted on ZDNet News: Dec 29, 2005 12:04:00 AM

A new Trojan horse program was infecting PCs on Wednesday, exploiting a hole in Windows systems to sneak onto computers, then dropping adware or spyware or turning them into zombies, according to several Internet security companies.

The Trojan, dubbed Exploit-WMF (Windows Meta File), was rated a category 2 level risk, meaning it had the potential to continue to spread, said Dave Cole, director of security response at Symantec.

The exploit "is misusing a function in the WMF library in Windows," dropping onto the machine a downloader Trojan "that pulls down its big brother, a more sophisticated Trojan" from a server on the Internet, he said.

"Then it might try to pull down adware, spyware or a bot program" that can turn the computer into a zombie to be used for attacking other machines or sending spam, or just leave a hole on the computer through which sensitive data could be stolen, Cole said.

Kaspersky Lab rated the vulnerability "highly critical" and predicted that "new modifications of these programs may well appear in the near future."

The WMF vulnerability affects computers running Windows XP with Service Pack 1 and Service Pack 2, as well as Windows Server 2003 with Service Pack 0 and Service Pack 1. It can be exploited when an Internet Explorer user, or Firefox user under certain circumstances, visits a Web site that has malicious code on it or when a user previews .wmf format files with Windows Explorer, Kaspersky said in a statement.

The WMF library allows the computer to handle particular image types on Windows machines, Cole said. There is no patch for it yet from Microsoft, although antivirus vendors had released software to help protect against it, he said.

"Microsoft is investigating new public reports of a possible vulnerability in Windows and will continue to investigate the reports to help provide additional guidance for customers," a Microsoft spokesperson wrote in an e-mail. "Upon completion of this investigation, Microsoft will take the appropriate action to protect customers, which may include providing a fix through the monthly release process or issuing a security advisory, depending on customer needs."

Windows users can get more information about security issues at http://support.microsoft.com/security.
