  1. #46
    Joined
    Nov 2001
    Location
    Central Va
    Age
    57
    Posts
    6,982

    Re: [Security] WMF Zero-Day Exploit

    Got a new update on the AVG anti virus today, does anyone know if it detects this stuff now?

    Quote Originally Posted by AVG Site
    Added detection of new variant of I-Worm/Mytob, new variants of trojans Backdoor.Breplibot, Downloader.Zlob.
    January 2, 2006
    I am trying to stay on top of this deal, what I have done so far

    Have unregistered the shimgvw.dll file and renamed it
    associated all image formats to notepad
    run the latest patch
    verified it took with the vulnerability checker
    updated my hosts file

    Thus Always To Tyrants

  2. #47
    Joined
    Jul 2001
    Location
    UK
    Age
    51
    Posts
    20,229

    Re: [Security] WMF Zero-Day Exploit

    A couple more updates:

    I can confirm that using Firefox 1.5 (the latest version) gives some additional protection. Firefox 1.5 tries to open any wmf in Windows Media Player. I'm guessing someone at Mozilla thinks WMF stands for Windows Media File - anyway, great bug

    Also, those interested in browser safety in general should definitely check out SandboxIE:

    http://www.sandboxie.com/

    Again, I can confirm that when running IE 6 sandboxed in this way on an otherwise vulnerable machine, attempting to preview an infected WMF in IE 6 results in a couple of infected files popping up in the sandbox (isolated from the rest of your machine) and then IE promptly crashes. Nice one Microsoft

    Anyway, this method of browsing gives a relatively safe environment against all new exploits that your AV may otherwise not detect. Great when surfing those dodgy websites - just remember to terminate all sandboxed processes and empty the contents of the sandbox when you're done

    And my final recommendation for safer surfing is, of course, a tried and tested knoppix LiveCD running Firefox.

    Ned

  3. #48
    Joined
    Jul 2001
    Location
    UK
    Age
    51
    Posts
    20,229

    Re: [Security] WMF Zero-Day Exploit

    Quote Originally Posted by wb22rules
    Got a new update on the AVG anti virus today, does anyone know if it detects this stuff now?
    Here's the latest results on VirusTotal for the variant that was circulating on IM yesterday:

    AntiVir        EXP/IMG.WMF
    Avast          Win32:Exdown
    AVG            Exploit.WMF
    Avira          EXP/IMG.WMF
    BitDefender    Exploit.Win32.WMF-PFV
    CAT-QuickHeal  no virus found
    ClamAV         Exploit.WMF.A
    DrWeb          no virus found
    eTrust-Iris    Win32/Worfo!Trojan
    eTrust-Vet     Win32/Worfo
    Ewido          Exploit.MS05-053-WMF
    Fortinet       W32/WMF-exploit
    F-Prot         security risk or a "backdoor" program
    Ikarus         Exploit.Win32.IMG-WMF
    Kaspersky      Exploit.Win32.IMG-WMF
    McAfee         Exploit-WMF
    NOD32v2        Win32/TrojanDownloader.Wmfex
    Norman         W32/Exploit.Gen
    Panda          Exploit/Metafile
    Sophos         Exp/WMF-A
    Symantec       Bloodhound.Exploit.56
    TheHacker      Exploit/WMF
    UNA            no virus found
    VBA32          Trojan-Downloader.Win32.Agent.acd

    Of the other 3 variants I have for testing, AVG detects them all on VirusTotal, but all 3 are missed on Jotti. I can only assume Jotti's site is using old signatures - I'll check again later for you.

    However, do remember that there are many variants out there (58 at the last count) and some are hard for AVs to detect. AVG has been very slow in detecting new variants as they appear in my experience - I wouldn't recommend it.

    Ned

  4. #49
    Joined
    May 2003
    Age
    40
    Posts
    2,001

    Re: [Security] WMF Zero-Day Exploit

    read the first few posts, somebody should add Opera browser to the safe to use list, it doesn't use ANY IE related files or non native rendering (native to Opera that is)

    also it's totally free now

  5. #50
    Joined
    Aug 2001
    Posts
    74,682

    Re: [Security] WMF Zero-Day Exploit

    ^^Similar situation as Firefox. Opera 8.51 defaults to open WMF files with "Windows Picture and Fax Viewer" too. However, all versions of Firefox and Opera prompt the user first.

  6. #51
    Joined
    Jul 2001
    Location
    UK
    Age
    51
    Posts
    20,229

    Re: [Security] WMF Zero-Day Exploit

    Quote Originally Posted by PF Prophet
    read the first few posts, somebody should add Opera browser to the safe to use list, it doesn't use ANY IE related files or non native rendering (native to Opera that is)

    also it's totally free now

    But this isn't a browser issue, it's a Windows issue. As Jimz said, you'll get a prompt asking you if you wish to open the image file (unlike with IE) - if you say yes on a vulnerable machine, bang - you're infected!

  7. #52
    Joined
    May 2003
    Age
    40
    Posts
    2,001

    Re: [Security] WMF Zero-Day Exploit

    NOD32 = I'm not infected

    others may be but I'm very sure that I'm not

  8. #53
    Joined
    Nov 2001
    Location
    Central Va
    Age
    57
    Posts
    6,982

    Re: [Security] WMF Zero-Day Exploit

    Thanks Ned

    Thus Always To Tyrants

  9. #54
    Joined
    Dec 2000
    Location
    myrtle beach,south carolina, U. S. of A.!
    Posts
    12,696

    Re: [Security] WMF Zero-Day Exploit

    Quote Originally Posted by Ned Slider
    I can confirm that using Firefox 1.5 (the latest version) gives some additional protection. Firefox 1.5 tries to open any wmf in Windows Media Player. I'm guessing someone at Mozilla thinks WMF stands for Windows Media File - anyway, great bug

    Ned


    the irony of it all!

  10. #55
    Joined
    Jul 2001
    Location
    UK
    Age
    51
    Posts
    20,229

    Re: [Security] WMF Zero-Day Exploit

    Nice timeline chart from Websense


  11. #56
    Joined
    Aug 2001
    Posts
    74,682

    Re: [Security] WMF Zero-Day Exploit

    ^^Another one I noticed Ned...that is a screen capture. Note the pop up in first instance [as we might get with Firefox or Opera]

    http://www.websensesecuritylabs.com/...hp?AlertID=391

  12. #57
    Joined
    Feb 2001
    Posts
    18,901

    Re: [Security] WMF Zero-Day Exploit

    F-Secure was quickly on top of it as well.

  13. #58
    Joined
    Jun 2002
    Posts
    3,793

    Re: [Security] WMF Zero-Day Exploit

    Ned, that Sandboxie is just the coolest thing I've seen around in some time. Definitely a keeper

  14. #59
    Joined
    Apr 2004
    Location
    Lansdowne PA
    Posts
    314

    Re: [Security] WMF Zero-Day Exploit

    my Panda anti virus has been coming up telling me that my computer has a security risk and it gives me a link to MS download center to get a patch to fix it...so Panda knows what's up...only problem is that MS hasn't released the patch yet so when I go there I get nothing >_<


  15. #60
    Joined
    Jan 2001
    Location
    Auckland
    Age
    40
    Posts
    30,912

    Re: [Security] WMF Zero-Day Exploit

    I'd like to track the source of this bug down, uhm I mean exploit
