Computerworld - Attempts to exploit a flaw in Windows WMF files have "become increasingly serious over the past two days" with "significant developments ... in the past few hours," according to a New Year's Day alert issued by iDefense Inc.
"Risk has gone up significantly in the past 24 hours for any network still not protected against the WMF exploit," it said.
Attacks are carried out through a vulnerability in the way Windows XP and Windows Server 2003 handle corrupted Windows Metafile graphic files (see "Malicious hackers exploit zero-day Windows flaw"). So far, it appears that Windows Data Execution Prevention software or disabling Windows' shimgvw.dll file will block WMF attacks to date, according to iDefense.
The HappyNY.A attack has been using an e-mail with the subject "happy new year" and includes the attached file HappyNewYear.jpg. That file, actually a hostile WMF file, installs the Bifrose backdoor Trojan in the victim's system when the file executes.
Websense Security Labs says it is tracking "several dozen" Web sites seeking to use the WMF vulnerability. More information is available on the Websense blog at www.websensesecuritylabs.com/blog.
"WMF exploitation has started to take off in the wild," iDefense spokesman Ken Dunham said in an e-mail statement. "Dozens if not hundreds of WMF exploiting sites are likely to be reported in the coming days and weeks.
"A new, upgraded WMF exploit was posted to the public today and is highly functional," Dunham added.
For more on this, see "How to protect against Windows WMF attacks".
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
