F-Secure has found a flaw in the Windows Meta File. Trojan downloaders are exploiting the flaw to install spyware and adware into the user’s computer.


F-Secure has found a flaw in the Windows Meta File. Trojan downloaders are exploiting the flaw to install spyware and adware into the user’s computer. User’s computers are infected when the user visits websites with image files containing the WMF exploit.

“Windows metafiles are image files used by popular applications such as Microsoft Word.” [Source]

According to F-Secure, Internet Explorer users are at a greater risk of automatic infection. Firefox and Opera browser users are prompted with a warning whether they want to open the WMF image. If they answer “˜yes’, they too are affected.

“Mitigating Factors:
“¢ In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker’s Web site.
“¢ In an E-mail based attack involving the current exploit, customers would have to be persuaded to click on a link within a malicious e-mail or open an attachment that exploited the vulnerability. At this point, no attachment has been identified in which a user can be attacked simply by reading mail.
“¢ An attacker who successfully exploited this vulnerability could only gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.” [click here]

The flaw affects Windows OS such as Windows 2000 Service Pack 4, Windows XP Service Packs 1 and 2, Windows XP Professional x64, Windows Server 2003, 2003 Service Pack 1, Windows Server 2003 Itanium, 2003 Itanium Service Pack 1, 2003 x64, Windows 98 SE and Windows ME.

For more information on the WMF vulnerability, click here.

 

 

 

 

Sharing is caring