Saturday, December 31, 2005

Best Wishes and WMF exploit again!

It was only a matter of time, the first IM-Worm exploiting the wmf vulnerability has been spotted. I have received multiple reports from the Netherlands about an IM-Worm which spreads via MSN using a link to "http://[snip]/xmas-2006 FUNNY.jpg". The jpg is actually an HTML page with a (link to a) malicious wmf file.

I also spotted a new marvelous weblog called hexblog. It's the Blog from Ilfak Guilfanov. He's the main author of IDA (Interactive Disassembler Pro which you can find at my friend Pierre's site: ) and is one of the best low-level Windows experts in the world. He got a description with a nice temporarily solution for the wmf exploit.
More details from Ilfak's blog: .
Ilfak recommends you to uninstall this fix and use the official patch from Microsoft as soon as it is available.

Let's hope we don't get too much outbreaks using this new WMF distribution method next year. At this moment I'm getting ready to start with my New Year's Dinner ... hhhhmmmm ... Lobster!!!

My Best Wishes for the New Year 2006 to all of you!