Computer Security Research - McAfee Avert Labs Blog

WMF exploit “wombles” up

Friday August 25, 2006 at 2:03 pm CST
Posted by Igor Muttik

McAfee Avert Labs has received samples of a new mass-mailing worm that we call http://vil.nai.com/vil/content/v_140497.htm. What makes it noteworthy is that this worm sometimes sends itself as a usual binary zipped attachment but sometimes mass-mails out Exploit-WMF with itself inside (zipped or non-zipped). The worm is packed inside a modified UPX container and is 78,336 bytes long.

The now ubiquitous WMF exploit first appeared in December 2005 and since then it was one of the most common attack vectors for home users. McAfee AV products have provided proactive detection of known malformed WMF files that can exploit the WMF vulnerability.

This entry was posted on Friday, August 25th, 2006 at 2:03 pm and is filed under Exploit Research, Malware Research. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

WMF exploit “wombles” up

Leave a Reply

Archives

Categories