It appears that customer support discussion forums on the forums.amd.com site have been used to spread a WMF exploit. First reported on Monday in a blog posting by Mikko Hypponen (manager of antivirus research at F-Secure Corp. in Helsinki), the problem saw hackers exploiting a widely reported flaw in the way the Windows operating system renders images that use the WMF (Windows Metafile) graphics format.
Attackers have figured out a way to use AMD's forums to deliver maliciously encoded WMF images to visitors, which are then used to install unauthorized software on the unpatched systems, he said.
In this case, the software appears to be a number of different malicious tool bars. "Most of the tool bars show pop-ups, follow your search and other keyword activity, and use that to target ads to you," Hypponen said. "It's for-profit hacking. Somebody is making money from each machine that is hit by these tool bars."
The vulnerability enabled attackers to install any type of software they wanted on unpatched systems. How the attackers were able to compromise the AMD forums is unclear.