Author Topic: Trojan programs exploiting the latest Windows vulnerability [Dec 28]  (Read 4197 times)

0 Members and 1 Guest are viewing this topic.

Offline YLAP

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2118

A range of Trojan programs which exploit the Windows Meta File vulnerability has been detected recently. This vulnerability is rated highly critical, and so far, no patch has been issued.

The Trojans are classified as Trojan-Downloader.Win32.Agent.acd, as all the samples detected (by Kaspersky Lab in this case) come from the same family. New modifications of these programs may well appear in the near future.

The WMF vulnerability is present in computers running Microsoft Windows XP with SP1 and SP2, and Microsoft Windows Server 2003 with Service Pack 0 and Service Pack 1. The vulnerability can be exploited when viewing infected sites with Internet Explorer, Firefox (if certain other conditions are met), or when previewing *.wmf format files with Windows Explorer.

Computers will be infected by programs from the Agent.acd family if the user visits unionseek.com or iframeurl.biz. The malicious programs are downloaded to the victim machine and launched via the WMF vulnerability. Agent.acd will then download other Trojan programs to the victim machine.

To prevent infection is strongly recommended that users should not open files with a *.wmf extension. Users should also configure their Internet Explorer security settings to “High”.

28 Dec 2005   

 

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Trojan programs exploiting the latest Windows vulnerability [Dec 28]
« Reply #1 on: December 28, 2005, 11:12:29 PM »
Hi friend Ylap,

This was fully covered here: http://forum.avast.com/index.php?topic=18295.0
Also our forum friend ReVaN (aka Mikey) has indicated how you can be protected. Maybe you overlooked this thread there, anyway thanx for warning. Also block access to: union(dot)com from your machine, where the exploit seems launched from.

Greets and have a good Sylvester and a Glorious 2006,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline YLAP

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2118
Re: Trojan programs exploiting the latest Windows vulnerability [Dec 28]
« Reply #2 on: December 28, 2005, 11:26:35 PM »
Oh, I rarely get into Virus section... Sorry, but to be warned again is not so bad!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Trojan programs exploiting the latest Windows vulnerability [Dec 28]
« Reply #3 on: December 28, 2005, 11:38:31 PM »
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

..::ReVaN::..

  • Guest