New WMF exploit attacks via email


Some clown is spamming out "Happy New Year" emails which will infect Windows machines very easily. These emails contain a new version of the WMF exploit, which doesn't seem to be related to the two earlier Metasploit WMF exploits we've seen.....

When the HappyNewYear.jpg hits the hard drive and is accessed (file opened, folder viewed, file indexed by Google Desktop), it executes and downloads a Bifrose backdoor (detected by us as Backdoor.Win32.Bifrose.kt) from www[dot]ritztours.com. Admins, filter this domain at your firewalls. F-Secure : News from the Lab

Linked by shanmuga Sunday, 1st January 2006 9:47PM