Avast WEBforum

Other => General Topics => Topic started by: YLAP on December 28, 2005, 11:02:55 PM

Title: Trojan programs exploiting the latest Windows vulnerability [Dec 28]
Post by: YLAP on December 28, 2005, 11:02:55 PM

A range of Trojan programs which exploit the Windows Meta File vulnerability has been detected recently. This vulnerability is rated highly critical, and so far, no patch has been issued.

The Trojans are classified as Trojan-Downloader.Win32.Agent.acd, as all the samples detected (by Kaspersky Lab in this case) come from the same family. New modifications of these programs may well appear in the near future.

The WMF vulnerability is present in computers running Microsoft Windows XP with SP1 and SP2, and Microsoft Windows Server 2003 with Service Pack 0 and Service Pack 1. The vulnerability can be exploited when viewing infected sites with Internet Explorer, Firefox (if certain other conditions are met), or when previewing *.wmf format files with Windows Explorer.

Computers will be infected by programs from the Agent.acd family if the user visits unionseek.com or iframeurl.biz. The malicious programs are downloaded to the victim machine and launched via the WMF vulnerability. Agent.acd will then download other Trojan programs to the victim machine.

To prevent infection is strongly recommended that users should not open files with a *.wmf extension. Users should also configure their Internet Explorer security settings to “High”.

28 Dec 2005   

 

Title: Re: Trojan programs exploiting the latest Windows vulnerability [Dec 28]
Post by: polonus on December 28, 2005, 11:12:29 PM

Hi friend Ylap,

This was fully covered here: http://forum.avast.com/index.php?topic=18295.0
Also our forum friend ReVaN (aka Mikey) has indicated how you can be protected. Maybe you overlooked this thread there, anyway thanx for warning. Also block access to: union(dot)com from your machine, where the exploit seems launched from.

Greets and have a good Sylvester and a Glorious 2006,

polonus

Title: Re: Trojan programs exploiting the latest Windows vulnerability [Dec 28]
Post by: YLAP on December 28, 2005, 11:26:35 PM

Oh, I rarely get into Virus section... Sorry, but to be warned again is not so bad!

Title: Re: Trojan programs exploiting the latest Windows vulnerability [Dec 28]
Post by: bob3160 on December 28, 2005, 11:38:31 PM

Didn't the following take care of this???
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx

Title: Re: Trojan programs exploiting the latest Windows vulnerability [Dec 28]
Post by: ..::ReVaN::.. on December 29, 2005, 12:16:30 AM

Quote from: bob3160 on December 28, 2005, 11:38:31 PM

Didn't the following take care of this???
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx

Nope....