WMF Malware exploit in the wild - Philadelphia Conshohocken Delaware Valley PA USA

WMF Malware exploit in the wild

12-29-05


(Philadelphia & Conshohocken, PA)

Avoid surfing untrusted sites: an exploit in Windows image files (WMF) is spreading in the wild, and Microsoft has yet to release a patch.

Just visiting an infected webpage is enough to have the malware installed. Even a fully patched XP SP2 computer is vulnerable.

The webpages use a WMF (image file) that contains the exploit. It allows software to be installed on your computer. For right now, you can tell that you have been infected if your Windows desktop changes to a red box that says you have been infected with spyware.

Some Preventative Solutions
  • Block *.WMF at a gateway web proxy
  • Block *.WMF with antivirus at the desktop
  • Type REGSVR32 /U SHIMGVW.DLL from a command prompt. This is a valid way to prevent the exploit. It effectively disables your ability to view images using the Windows Picture and Fax Viewer via IE (AFAIK you can still download the file and execute it and get smoked, but you won't get hit by a "drive-by" download with this workaround).
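
A sketch of the gateway check from the first bullet, added here as an example and not part of the original advisory: it flags a download as WMF from its header bytes as well as its name, so a metafile served under another extension such as .jpg is still caught. The function names and sample bytes are constructed for illustration; the layout checked is the standard WMF META_HEADER with its optional placeable header.

```python
import struct

PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"   # 0x9AC6CDD7, little-endian
PLACEABLE_LEN = 22                     # size of the optional placeable header


def _is_meta_header(buf: bytes) -> bool:
    """True if buf starts with a plausible 18-byte WMF META_HEADER."""
    if len(buf) < 18:
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", buf, 0)
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)


def looks_like_wmf(body: bytes) -> bool:
    """Identify WMF content from its header, ignoring the file name."""
    if body.startswith(PLACEABLE_KEY):
        return _is_meta_header(body[PLACEABLE_LEN:])
    return _is_meta_header(body)


def should_block(filename: str, body: bytes) -> bool:
    """Gateway decision: block on a .wmf name or on WMF content."""
    return filename.lower().endswith(".wmf") or looks_like_wmf(body)


def sample_meta_header() -> bytes:
    # Constructed sample: type=1, 9-word header, version 0x0300,
    # size=12 words, 0 objects, max record=3 words, 0 members.
    return struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0)


def sample_placeable() -> bytes:
    # Constructed sample: key, handle, bounding box, units/inch, reserved,
    # then an XOR checksum over the first ten 16-bit words.
    head = PLACEABLE_KEY + struct.pack("<HhhhhHI", 0, 0, 0, 100, 100, 1440, 0)
    checksum = 0
    for (word,) in struct.iter_unpack("<H", head):
        checksum ^= word
    return head + struct.pack("<H", checksum) + sample_meta_header()


if __name__ == "__main__":
    jpeg = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16  # constructed
    for name, body in [("chart.wmf", sample_meta_header()),
                       ("photo.jpg", sample_placeable()),
                       ("real.jpg", jpeg)]:
        print(name, "BLOCK" if should_block(name, body) else "allow")
```
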

If you are a Netforcement Managed Service customer, you have nothing to worry about. Using NetFix technology, Netforcement has already pushed out the "REGSVR32 /U SHIMGVW.DLL" fix to all managed service computers, protecting your business from this new malware exploit.

More info can be found at these links:
http://blogs.zdnet.com/Spyware/?p=734
http://sunbeltblog.blogspot.com/2005/12/new-exploit-blows-by-fully-patched.html





