More trouble is brewing with malware using the WMF vulnerability present in unpatched Windows systems, as security experts are warning of spam emails containing malware that uses social engineering playing on the growing fear of a bird flu epidemic to trick users into visiting a website to run malicious code.
Using the subject "Attention Bird Flu in England", the mail tries to get users to click on a link to go either of two websites to get more information (or rather, to run malware!)
Upon clicking on a link, users are directed to a website which claims that you have been blocked from accessing it. This appears to be another trick by the attacker to make the user believe that the site has either been disabled or shutdown.
Within the HTML, an IFRAME is loaded that uses the recent WMF exploit to run code without user-intervention. The code is a Trojan horse downloader, which connects to another site to download new malicious code. The filename is "expl1.wmf," which downloads and runs "expl1.exe.", Websense Security Labs warned.