Advertisement
Promo

Security threats Toolkit

Exploit targets hole in Windows

Elinor Mills ZDNet.co.uk

Published: 29 Dec 2005 10:10 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A new Trojan horse program was infecting PCs on Wednesday, exploiting a hole in Windows systems to sneak onto computers, then dropping adware or spyware or turning them into zombies, according to several Internet security companies.

The Trojan, dubbed Exploit-WMF (Windows Meta File), was rated a category 2 level risk, meaning it had the potential to continue to spread, said Dave Cole, director of security response at Symantec.

The exploit "is misusing a function in the WMF library in Windows," dropping onto the machine a downloader Trojan "that pulls down its big brother, a more sophisticated Trojan" from a server on the Internet, he said.

"Then it might try to pull down adware, spyware or a bot program," that can turn the computer into a zombie to be used for attacking other machines or sending spam, or just leave a hole on the computer through which sensitive data could be stolen, Cole said.

Kaspersky Lab rated the vulnerability "highly critical" and predicted that "new modifications of these programs may well appear in the near future."

The WMF vulnerability affects computers running Windows XP with service pack 1 and service pack 2, as well as Windows Server 2003 with service pack 0 and service pack 1. It can be exploited when an Internet Explorer user, or Firefox user under certain circumstances, visits a Web site that has malicious code on it or when a user previews .wmf format files with Windows Explorer, Kaspersky said in a statement.

The WMF library allows the computer to handle particular image types of Windows machines, Cole said. There is no patch for it yet from Microsoft, although antivirus vendors had released software to help protect against it, he said.

"Microsoft is investigating new public reports of a possible vulnerability in Windows and will continue to investigate the reports to help provide additional guidance for customers," a Microsoft spokesperson wrote in an e-mail. "Upon completion of this investigation, Microsoft will take the appropriate action to protect customers, which may include providing a fix through the monthly release process or issuing a security advisory, depending on customer needs."

Windows users can get more information about security issues at http://support.microsoft.com/security.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
84 out of 155 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:




Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters