Trojan alert over unpatched Windows flaw

By Derek Sooman on December 29, 2005, 1:16 PM
Malicious hackers have exploited the new Windows Meta File vulnerability to create a range of Trojan programs. The vulnerability, which exists in machines running Microsoft Windows XP with SP1 and SP2, and Microsoft Windows Server 2003, can be exploited by tricking victims into viewing specially constructed sites, especially where IE is used as a browser.

Windows PCs infected by malware from the Trojan-Downloader Agent-ACD family are liable to download other malware programs onto the compromised machine.

Kaspersky advises users not to open untrusted files with a *.wmf extension.
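An extension alone does not say what a file contains, so a mail or download filter acting on the advice above can look at the header bytes instead. The sketch below is an added example, not code from Kaspersky, Microsoft or TechSpot; it recognises the standard and placeable WMF headers and the EMF header, and flags metafile content that arrives under another extension. The function names and sample inputs are constructed for illustration.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7   # magic of the optional 22-byte placeable header
EMF_SIGNATURE = 0x464D4520   # " EMF", stored at offset 40 of an EMF header

def _is_meta_header(buf):
    """True if buf starts with a standard 18-byte WMF header."""
    if len(buf) < 18:
        return False
    ftype, hdr_words, version = struct.unpack_from("<HHH", buf, 0)
    return ftype in (1, 2) and hdr_words == 9 and version in (0x0100, 0x0300)

def classify_metafile(data):
    """Return 'wmf-placeable', 'wmf', 'emf' or None for the leading bytes."""
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        # The standard header must follow the 22-byte placeable header.
        return "wmf-placeable" if _is_meta_header(data[22:]) else None
    if _is_meta_header(data):
        return "wmf"
    if len(data) >= 44:
        rec_type, = struct.unpack_from("<I", data, 0)
        signature, = struct.unpack_from("<I", data, 40)
        if rec_type == 1 and signature == EMF_SIGNATURE:
            return "emf"
    return None

def flag_disguised(name, data):
    """True when the content is a metafile but the name claims otherwise."""
    kind = classify_metafile(data)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return kind is not None and ext not in ("wmf", "emf")

# Constructed samples: headers only, no drawing records, checksum not set.
SAMPLE_WMF = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 0, 0)
SAMPLE_PLACEABLE = struct.pack("<IHhhhhHIH", PLACEABLE_KEY, 0, 0, 0,
                               100, 100, 1440, 0, 0) + SAMPLE_WMF
SAMPLE_EMF = struct.pack("<I", 1) + b"\x00" * 36 + struct.pack("<I", EMF_SIGNATURE)
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 40

if __name__ == "__main__":
    for name, blob in [("chart.wmf", SAMPLE_WMF), ("photo.jpg", SAMPLE_PLACEABLE),
                       ("logo.gif", SAMPLE_EMF), ("real.jpg", SAMPLE_JPEG)]:
        print(name, classify_metafile(blob), flag_disguised(name, blob))
```

A match only identifies the container format; it says nothing about whether a given file is malicious.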




User Comments: 9

Rhianntp said:
Precisely the reason why I check Windows Update on a regular basis...
PanicX said:
While keeping your computer patched and up to date is a good thing, Microsoft currently has no fix for the WMF exploit. There is a workaround available but it's still possible to be exploited even with the workarounds. [url=http://www.microsoft.com/technet/security/advisory/912840.mspx]Microsoft Security Advisory[/url]
luvhuffer said:
The problem with the workaround, to unregister the Shimgvw.dll file, is that you will no longer be able to view thumbnails in Windows Explorer. Another workaround, a registry fix, will offer the same protection but will still allow thumbnails to be viewed. In the Regedit program go to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\image\ShellEx\ContextMenuHandlers\ShellImagePreview Then delete the default value. To re-enable the feature, go to the same key and set the default value as a REG_SZ to "{e84fda7c-1d6a-45f6-b725-cb260c236066}". The workaround has been confirmed by iDEFENSE as effective in preventing the current versions of the exploit, with a caveat. Previous vulnerabilities in the parsing of WMF files have led to additional vulnerabilities in EMF files, a later version of the metafile format. iDEFENSE warns that this workaround may not be effective against such future attacks. You can read more here. [url]http://www.eweek.com/article2/0,1895,1906211,00.asp?kc=ewnws122905dtx1k0000599[/url]
MonkeyMan said:
Well, I am currently using Avant Browser, not the Internet Explorer browser, way too many bugs. Also, it seems like with every update, there always has to be another trojan or virus or something made by a hacker. Microsoft has to always be up to date on these things lol. Man, I'm too sexy for my shirt, too sexy for my shoes, too sexy for my pants, too sexy for my belt, too sexy for my mom, too sexy for girlfriend, too sexy for my computer, too sexy for my professor, too sexy for my hat, what do you think about that?
Nodsu said:
Avant [b]is[/b] IE and it has all the IE bugs. Don't let yourself be fooled by the shiny interface.
mentaljedi said:
Firefox has some compatibility issues with a couple of sites, but I prefer it to IE. This is another reason why.
luvhuffer said:
An update on this. The registry fix I posted above has proved TO NOT be a viable workaround. That leaves unregistering the .dll file and/or hoping your spyware heuristic analysis is up to the task. 50 variants and counting so far.
nathanskywalker said:
Did I just hear another Windows exploit? Surprising...
luismigilbert said:
It's funny how often hackers create new viruses... install an AV and antispyware and keep both of them up to date... enable automatic updates from Windows... this helps...