By Elinor Mills
Posted on ZDNet News: Dec 29, 2005 12:04:00 AM

A new Trojan horse program was infecting PCs on Wednesday, exploiting a hole in Windows systems to sneak onto computers, then dropping adware or spyware or turning them into zombies, according to several Internet security companies.

The Trojan, dubbed Exploit-WMF (Windows Meta File), was rated a category 2 level risk, meaning it had the potential to continue to spread, said Dave Cole, director of security response at Symantec.

The exploit "is misusing a function in the WMF library in Windows," dropping onto the machine a downloader Trojan "that pulls down its big brother, a more sophisticated Trojan" from a server on the Internet, he said.

"Then it might try to pull down adware, spyware or a bot program," that can turn the computer into a zombie to be used for attacking other machines or sending spam, or just leave a hole on the computer through which sensitive data could be stolen, Cole said.

Kaspersky Lab rated the vulnerability "highly critical" and predicted that "new modifications of these programs may well appear in the near future."

The WMF vulnerability affects computers running Windows XP with Service Pack 1 and Service Pack 2, as well as Windows Server 2003 with Service Pack 0 and Service Pack 1. It can be exploited when an Internet Explorer user, or Firefox user under certain circumstances, visits a Web site that has malicious code on it or when a user previews .wmf format files with Windows Explorer, Kaspersky said in a statement.

The WMF library allows the computer to handle particular image types on Windows machines, Cole said. There is no patch for it yet from Microsoft, although antivirus vendors have released software to help protect against it, he said.

"Microsoft is investigating new public reports of a possible vulnerability in Windows and will continue to investigate the reports to help provide additional guidance for customers," a Microsoft spokesperson wrote in an e-mail. "Upon completion of this investigation, Microsoft will take the appropriate action to protect customers, which may include providing a fix through the monthly release process or issuing a security advisory, depending on customer needs."

Windows users can get more information about security issues at http://support.microsoft.com/security.
