
High level Alerts /Warnings


This is just to let you know that there is currently a VERY HIGH level of new and new variations of "Trojan Horse.Downloaders" spreading like wildfire across the internet. Reports show high spread levels since the 29th Dec 2005. These can compromise a Windows system by being downloaded into the Internet Explorer temp file cache.

**NOTE: Windows XP with Service Pack 1 and/or Service Pack 2 won't protect you against these OS exploits.

**Especially watch out for the JPEG buffer overrun exploit or Trojan.Horse.Downloader MS04-028.

**Also Trojan.Horse.Downloader.Agent.13.AI, which exploits the Windows Meta File vulnerability, see xpl[1].wmf. This loads or launches an attack using the Windows image & fax viewer, which is normally used to preview image files in XP. Note: a temporary workaround has been found, but this involves disabling the image & fax viewer.

**Microsoft are aware of both of these OS exploits, but no serious fix or patch has been provided as yet.
1 REPLY

More Information Ivan

The Register » Security » Anti-Virus »
Original URL: http://www.theregister.co.uk/2005/12/29/wmf_trojan_alert/

Trojan alert over unpatched Windows flaw

By John Leyden
Published Thursday 29th December 2005 12:46 GMT

Hackers have created a range of Trojan programs which exploit a dangerous new Windows Meta File vulnerability. The vulnerability is rated critical, and so far, no patch has been issued.

The WMF vulnerability exists in computers running Microsoft Windows XP with SP1 and SP2, and Microsoft Windows Server 2003 and stems from a flaw in a utility used to view picture and fax files. The security flaw might be exploited by inducing victims to view maliciously constructed sites, particularly where IE is used as a browser, or when previewing *.wmf format files with Windows Explorer.

Windows PCs infected by malware from the Trojan-Downloader Agent-ACD family are liable to download other malware programs onto a compromised machine as explained in an analysis by Russian anti-virus firm Kaspersky Lab here (http://www.viruslist.com/en/alerts?alertid=176701669).

Kaspersky advises users not to open untrusted files with a *.wmf extension. Users should also configure their Internet Explorer security settings to "high" as a precaution, it recommends. Anti-virus firms are updating signature definition files to detect the risk, and protection is now largely in place. ®

**This relates to the file xpl[1].wmf I was telling you about; it downloads itself into the IE6 temporary internet file cache, from where it will try to gain access to the rest of your machine. It exploits the Windows image & fax viewer program in Windows. I used AVG Free, which detected it; I was also able to delete it in seconds with AVG Free.


Ivan
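As an added, defensive example that is not part of this thread or of any vendor's code: the advice above keys on the .wmf extension, but a file sitting in the browser cache can carry any name, so this Python script (my own, assumptions: only the header layouts from the public WMF specification are used) identifies WMF content by its header bytes and lists files whose extension hides it. The sample files it writes are constructed, empty-but-valid headers, not the malware discussed above.

```python
import os
import struct
import tempfile

# WMF header constants from the Windows Metafile Format specification.
PLACEABLE_KEY = 0x9AC6CDD7        # Aldus placeable header magic (little-endian)
META_HEADER_WORDS = 9             # META_HEADER is always 9 16-bit words (18 bytes)
META_VERSIONS = (0x0100, 0x0300)  # METAVERSION100 / METAVERSION300
META_TYPES = (1, 2)               # MEMORYMETAFILE / DISKMETAFILE

# Constructed sample headers for the demo: valid WMF headers with no records behind them.
SAMPLE_STANDARD = struct.pack("<HHHHHHIH", 2, META_HEADER_WORDS, 0x0300, 0, 0, 0, 0, 0)
SAMPLE_PLACEABLE = struct.pack("<IHhhhhHIH", PLACEABLE_KEY, 0, 0, 0, 0, 0, 96, 0, 0) + SAMPLE_STANDARD

def is_meta_header(buf):
    """True if buf begins with a well-formed standard WMF META_HEADER."""
    if len(buf) < 18:
        return False
    mtype, hdr_words, version = struct.unpack_from("<HHH", buf, 0)
    return mtype in META_TYPES and hdr_words == META_HEADER_WORDS and version in META_VERSIONS

def classify_wmf(buf):
    """Return 'placeable', 'standard' or None, judged by content rather than file name."""
    if len(buf) >= 4 and struct.unpack_from("<I", buf, 0)[0] == PLACEABLE_KEY:
        return "placeable" if is_meta_header(buf[22:]) else None  # 22-byte placeable header first
    return "standard" if is_meta_header(buf) else None

def scan_dir(root):
    """Walk root; report files whose bytes are WMF but whose extension is not .wmf."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            try:
                with open(os.path.join(dirpath, name), "rb") as fh:
                    head = fh.read(64)  # both headers fit inside the first 40 bytes
            except OSError:
                continue
            kind = classify_wmf(head)
            if kind and not name.lower().endswith(".wmf"):
                findings.append((name, kind))
    return sorted(findings)

def run_demo():
    """Fill a scratch directory with the constructed samples and scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"photo.gif": SAMPLE_PLACEABLE, "banner.jpg": SAMPLE_STANDARD,
                   "logo.wmf": SAMPLE_STANDARD, "real.gif": b"GIF89a" + bytes(40)}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_dir(root)
```

Point `scan_dir` at a browser cache directory to list image files that are really metafiles; a hit is a reason to quarantine and scan, not proof of infection.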