chiawaikian
Posted February 17, 2006

The first worm (mass mailer) to (ab)use the WMF 0day is now spreading in Australia.

Our initial reports indicate the worm is not massive, however it steals financial information from users (Phishing Trojan from a known group) it infects and is causing quite a buzz in Australian media. We expect it to break as a full-blown media hype this morning, tops tomorrow morning.

The worm *does* do the said damage, but as we said does not seem to be widely spread. No reports outside of Australia have been received as of yet.

The emails themselves do not contain the payload, but rather a URL to sites that will infect users. Both the sites that did this are now down, I expect the next one to be up soon (or the bad guys will just get a new variant out in a few days).

Abusing websites is mostly how WMF is exploited, but not much in the way of emails before today.

(almost) All anti virus vendors do not detect this worm (it's new), a couple detect it heuristically.
(almost) All anti virus vendors detect the attachment regardless because of the WMF exploit detection routines.

Hopefully, all AV companies will detect this soon. I know most will.

Source: http://blogs.securiteam.com/index.php/archives/293

krit86lr
Posted February 17, 2006

Thanks Chia. I appreciate the 'Heads Up'. Have a good day!

Windows Pro Media 8.1 x64 | 8GB Ram | 500G HDD 7200 RPM | All that I know about my graphics is that it's Intel

lokoike
Posted February 18, 2006

> Thanks Chia. I appreciate the 'Heads Up'. Have a good day!

Yeah, I got the WinUpdate for that one the day it came out! As soon as I heard of the WMF vulnerability's existence, I ran WinUpdate a couple times a day, until Microsoft finally decided to patch it. Good thing too, judging by that article!

Save a tree, eat a beaver. Save a tree, wipe with an owl. Every time a bell rings, a thread gets hijacked! ding, ding! Give Andavari lots of money and maybe even consider getting K a DVD-RW drive. If it's not Scottish, IT'S CRAP!!!