Windows Wmf Exploit 28/12/05 High Risk

Discussion in 'Gaming' started by beatsta, Jan 1, 2006.

  1. beatsta

    beatsta Well-Known Member

    This is a serious exploit, you should read all of this post. If you're using Windows XP or below you are vulnerable, even with a fully patched system, as Microsoft hasn't yet released a patch.

    Story:
    http://www.securityfocus.com/brief/89

    This is a new exploit, the first signs were seen on the 28th so not all anti virus definitions have been updated. If you are running an anti virus it is very important to update your definitions now; if you are not, I suggest you download the F-Secure trial and update definitions after download.

    What is this about?
    There is a new exploit out that uses WMF (Windows meta-file format) files to infect a computer. All you have to do to get infected is view a web page that has the image on it, or access an infected image that is on your computer. Forums and other sites where users can post images are a particular risk. Internet Explorer users might automatically get infected. Firefox and Opera users can get infected if they decide to run or download the image file.

    More information:
    http://www.f-secure.com/weblog/
    You are not entirely safe if you don't use Internet Explorer.

    Am I vulnerable?
    Simply yes, if your anti virus hasn't sent out new definitions for this or you haven't downloaded them there is a high chance you could be infected. Most browsers will download the file to your cache, IE displays the image thus infecting you. Opera and Firefox prompt a download and then download to the cache. But if you then interact with the file in any way (thumbnail it, Google Desktop, hover over with the mouse) that causes it to be handled by the Windows subsystem responsible for WMF then you will have problems. This exploit CAN affect you even if you don't view it in your browser.

    What does it do?
    The exploit can be used to download viruses, Trojans, installers etc. onto your computer when the exploit is activated (when the file is parsed by the part of Windows with the problem). It does not do anything by itself until it is activated. There have been several reports of Trojans being downloaded, which then download other things, other spyware, etc. At the beginning they were only fake spyware prompting you to download certain programs by telling you your system is infected but now the real worms and viruses are being revealed.

    What should I do?
    Firstly you should update your anti-virus definitions and do a FULL system scan. Scan all files, not just .exes and .dll's but all files including the most vulnerable .gif .jpg .png .wmf. Turn real time scanning on.

    Turn off Google Desktop and all file indexing programs, these applications can trigger the exploit.

    Use an alternative browser, e.g. Opera. You are still not completely safe when not using IE. IE automatically loads up Picture & Fax Viewer, executing the exploit, but Firefox and Opera prompt before downloading .WMF files.

    Be careful when clicking links, don't just trust links from your friends, especially on MSN, as one known exploit uses MSN Messenger to spread itself.

    Disable explorer thumbnail/auto parsing of images:
    More information here:
    http://antivirus.about.com/od/virusdescrip...mfexploit_2.htm

    Install this fix:
    http://www.hexblog.com/2005/12/wmf_vuln.html
    Use at your own risk


    Avoid image searching and visiting webpages you don't trust. Some of the places this image has been popping up are: eBay XBOX auctions, porn sites, Google image search, Wikipedia, MySpace, other forums, etc. - places where people can post their own images. Your anti virus realtime scanner should help stop it if all definitions are up to date.

    Links:
    http://neowin.net/index.php?act=view&id=31906
    http://antivirus.about.com/od/virusdescrip...mfexploit_2.htm
    http://www3.ca.com/securityadvisor/vulninf...n.aspx?id=33721
    http://www.securityfocus.com/brief/89
    http://www.hexblog.com/2005/12/wmf_vuln.html
    http://forums.somethingawful.com/showthrea...hreadid=1759573
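
Added example (not part of the original post): the advice above to scan every file, including .gif, .jpg and .png, matters because a metafile is recognised by its header bytes, not by its name. This Python script flags files whose content starts with a WMF header but whose extension is not .wmf; the function names are illustrative, and a header match only identifies the file type, not whether the file is malicious.

```python
import struct
import sys
from pathlib import Path

# Optional 22-byte "placeable" prefix, key 0x9AC6CDD7 stored little-endian.
PLACEABLE_MAGIC = b"\xd7\xcd\xc6\x9a"
PLACEABLE_LEN = 22
HEADER_LEN = 18  # standard WMF header: 9 sixteen-bit words


def looks_like_wmf(data: bytes) -> bool:
    """True if data begins with a WMF header, with or without the placeable prefix."""
    if data[:4] == PLACEABLE_MAGIC:
        data = data[PLACEABLE_LEN:]
    if len(data) < HEADER_LEN:
        return False
    file_type, header_words, version = struct.unpack_from("<HHH", data)
    # Type 1 = memory metafile, 2 = disk metafile; header size is always 9 words.
    return file_type in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)


def find_disguised_wmf(root):
    """Return files under root that contain WMF data but are not named *.wmf."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            with path.open("rb") as fh:
                head = fh.read(PLACEABLE_LEN + HEADER_LEN)
        except OSError:
            continue  # unreadable or locked file: skip it and keep scanning
        if looks_like_wmf(head) and path.suffix.lower() != ".wmf":
            hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    # Usage: python find_wmf.py <directory>, e.g. a browser cache or download folder.
    for hit in find_disguised_wmf(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("WMF content under another extension:", hit)
```

Any file it reports should be left unopened (no thumbnail view, no preview) and handed to an up-to-date virus scanner.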
     
  2. XMasterX

    XMasterX Well-Known Member

    :P yeah, if you do not keep your AVs up to date, you are vulnerable. With Avast, it updates it automatically... So I'm safe
     
  3. xlink

    xlink GR's Tech Enthusiast

    dang I use FF and I also run Ubuntu... no... wait, Ubuntu isn't Windows...
     
  4. Sand_Man117

    Sand_Man117 Well-Known Member

    thanks for the heads-up beatsta. u like triple posted empty threads this morning.
     
  5. beatsta

    beatsta Well-Known Member

    Not very important then?
     
