WMF---Still vulnerable?
| Meehowski | | Registered Member #192 Joined: Sun Jan 15 2006, 06:30AM Posts: 5
| The Microsoft patch for the WMF vulnerability has now been out there for more than 10 days. However, we believe that most of the vulnerable Windows machines worldwide have not installed the patch yet. We also believe this vulnerability will continue to be used by various different attackers for months, possibly years.
Today we saw a phishing scam exploiting this vulnerability. This scam works by sending out emails, urging customers of the global HSBC bank to visit a site called www[dot]jhsbc[dot]com. This domain, naturally, has nothing to do with the real bank but it sounds close enough.
The site is running on an owned home computer somewhere in Illinois. This machine, connected to the net via a high-speed cable connection, is hosting or has been hosting several other phishing-related domains, including these gems that administrators might want to filter at their gateways: www[dot]i7tgg4rv[dot]com and www[dot]ll67ffgsp[dot]com, www[dot]mrhpd74e[dot]com and www[dot]pph4e32q[dot]com.
The WMF connection comes from the fact that if you visit this site (and please don't), the front page contains an IFRAME that will try to push an exploit file called tr.wmf to your system. When that is executed, it will download a file called update.exe from the same server. This unexpected gift turns out to be a variant of the Trojan-Spy.Win32.Goldun family, which will start to collect information from the site.
http://www.f-secure.com/weblog/#00000778
MEEHOWSKI
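The gateway filtering suggested in the post above, sketched as an added example (not part of the original post or the F-Secure weblog entry): it refangs the five domains quoted in the post and scans proxy logs for hits on them, and for the described sequence of a .wmf fetch followed shortly by an .exe download from the same host. The log format, the 60-second window, the client addresses and the sample log lines are constructed assumptions.

```python
from urllib.parse import urlsplit

# Indicators exactly as defanged in the post; refanged only for matching.
DEFANGED = [
    "www[dot]jhsbc[dot]com", "www[dot]i7tgg4rv[dot]com", "www[dot]ll67ffgsp[dot]com",
    "www[dot]mrhpd74e[dot]com", "www[dot]pph4e32q[dot]com",
]
BLOCKED = {d.replace("[dot]", ".").lower() for d in DEFANGED}

# Constructed sample in an assumed format: "<epoch> <client_ip> <url>"
SAMPLE_LOG = """\
1137800000 10.0.0.5 http://www.jhsbc.com/
1137800002 10.0.0.5 http://www.jhsbc.com/tr.wmf
1137800009 10.0.0.5 http://www.jhsbc.com/update.exe
1137800020 10.0.0.7 http://intranet.example/logo.wmf
1137800030 10.0.0.8 http://WWW.MRHPD74E.COM./login
1137800900 10.0.0.7 http://intranet.example/setup.exe
"""

def parse(line):
    """Split one log line into (timestamp, client, normalized host, path)."""
    ts, client, url = line.split(None, 2)
    parts = urlsplit(url.strip())
    # Normalize case and a trailing root dot so trivial variants still match.
    host = (parts.hostname or "").rstrip(".").lower()
    return int(ts), client, host, parts.path.lower()

def scan(log_text, window=60):
    """Return sorted (client, host, reason) findings for a proxy log."""
    findings = set()
    last_wmf = {}  # (client, host) -> time of the most recent .wmf fetch
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, host, path = parse(line)
        if host in BLOCKED:
            findings.add((client, host, "blocklisted-domain"))
        if path.endswith(".wmf"):
            last_wmf[(client, host)] = ts
        elif path.endswith(".exe"):
            seen = last_wmf.get((client, host))
            # Flag an executable fetched soon after a WMF from the same host.
            if seen is not None and 0 <= ts - seen <= window:
                findings.add((client, host, "wmf-then-exe"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The sequence check is independent of the blocklist, so it still fires when the same pattern is served from a domain not named in the post.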
| NIST.org | Sat Jan 21 2006, 06:03PM | |
| NIST.org Security Researcher
 Joined: Mon Nov 28 2005, 07:51PM Posts: 13
| Steve Gibson at GRC.COM is reporting that he now believes that no Windows 9x computer is vulnerable to having this WMF vulnerability exploited.
You can read the transcript of his latest Podcast here. Or you can download and listen to the Podcast here.
Steve Gibson is one of the more famous security researchers. He's been writing low-level disk utilities since the early DOS days. Check out the latest version of Spinrite 6
Network Information Security & Technology News NIST.org
| Meehowski | Mon Jan 23 2006, 02:35AM | |
| Registered Member #192 Joined: Sun Jan 15 2006, 06:30AM Posts: 5
| NIST.org wrote ... Steve Gibson at GRC.COM is reporting that he now believes that no Windows 9x computer is vulnerable to having this WMF vulnerability exploited. You can read the transcript of his latest Podcast here. Or you can download and listen to the Podcast here. Steve Gibson is one of the more famous security researchers. He's been writing low-level disk utilities since the early DOS days. Check out the latest version of Spinrite 6
Thank you John.......be well..........
Mike
MEEHOWSKI
Moderators: NIST.org, John Herron