Bad day to surf the net using XP...

Discussion in 'Computer Support' started by Trax, Dec 28, 2005.

  1. Trax

    Trax Guest

    Trax, Dec 28, 2005
    #1
    1. Advertisements

  2. Trax

    Trax Guest

    |>
    |>http://sunbeltblog.blogspot.com/2005/12/new-exploit-blows-by-fully-patched.html
    |> or http://tinyurl.com/89b6y
    |>
    |>Thread on Digg.com http://tinyurl.com/cb3x9
    |>
    |>Not a panic post, just a heads up.

    Forgot to add what it's all about:

    "We have a number of sites that we have found with this exploit.
    Different sites download different spyware. We only had a handful of
    websites using this new exploit but now we are seeing many more using
    this to install bad stuff. These image files can be modified very
    easily to download any malware or virus."
     
    Trax, Dec 28, 2005
    #2
    1. Advertisements

  3. Trax

    Vanguard Guest

  4. Trax

    Vanguard Guest


    BTW:
    McAfee: Has a signature for it.
    CA (EzAntiVirus): Has a signature.
    Symantec: Not mentioned.
    TrendMicro: Calls it TROJ_WMFCRASH.A.
    Kaspersky: Mentions it (looks to have a database update).
    Avast! AntiVir: Nothing yet.
    Grisoft AVG: Nothing.
    Bitdefender: Calls it Exploit.Win32.WMF-PFV.

    I'm not surprised that AntiVir and AVG don't have anything yet but was
    surprised that Symantec didn't mention it.
     
    Vanguard, Dec 29, 2005
    #4
  5. Trax

    void Guest

    Symantec detects it as Trojan.Downloader

    --
     
    void, Dec 31, 2005
    #5
  6. Trax

    Trax Guest

    |>In article <dp1gvg$874$>,
    |> says...

    |>> >> http://sunbeltblog.blogspot.com/2005/12/new-exploit-blows-by-fully-patched.html
    |>> >> or http://tinyurl.com/89b6y
    |>> >>
    |>> >> Thread on Digg.com http://tinyurl.com/cb3x9
    |>> >
    |>> >
    |>> > Also at http://www.securityfocus.com/brief/89.
    |>> >
    |>>
    |>>
    |>> BTW:
    |>> McAfee: Has a signature for it.
    |>> CA (EzAntiVirus): Has a signature.
    |>> Symantec: Not mentioned.
    |>> TrendMicro: Calls it TROJ_WMFCRASH.A.
    |>> Kaspersky: Mentions it (looks to have a database update).
    |>> Avast! AntiVir: Nothing yet.
    |>> Grisoft AVG: Nothing.
    |>> Bitdefender: Calls it Exploit.Win32.WMF-PFV.
    |>>
    |>> I'm not surprised that AntiVir and AVG don't have anything yet but was
    |>> surprised that Symantec didn't mention it.

    |>Symantec detects it as Trojan.Downloader

    Caught this on another newsgroup, it's worth passing along

    From: "David H. Lipman" <[email protected]>
    Newsgroups: microsoft.public.windowsxp.general

    Carey:

    Please don't post the following...

    Microsoft Live Safety Center
    http://safety.live.com/site/en-US/default.htm

    It is a Beta and on a scale from 1 to 10 it is a 2

    If you are going to ost a online scanner post one that actually has a
    high catch rate.

    Kaspersky:
    http://www.kaspersky.com/de/scanforvirus

    I have been in communication with Randy Treir and I have been testing
    the site. Straight
    talk -- it sucks !

    I gave it a zoo and it had a 22% catch rate.

    When I tested an "Exploit-WMF" sample Yesterday, these were the
    results...

    AntiVir 6.33.0.70 12.29.2005 TR/Dldr.WMF.Agent.D
    Avast 4.6.695.0 12.29.2005 Win32:Exdown
    AVG 718 12.29.2005 Downloader.Agent.13.AI
    Avira 6.33.0.70 12.29.2005 TR/Dldr.WMF.Agent.D
    BitDefender 7.2 12.29.2005 Exploit.Win32.WMF-PFV.C
    CAT-QuickHeal 8.00 12.29.2005 WMF.Exploit
    ClamAV devel-20051123 12.29.2005 Exploit.WMF.A
    DrWeb 4.33 12.29.2005 Exploit.MS05-053
    eTrust-Iris 7.1.194.0 12.29.2005 Win32/Worfo.C!Trojan
    eTrust-Vet 12.4.1.0 12.29.2005 Win32/Worfo
    Ewido 3.5 12.29.2005 Downloader.Agent.acd
    Fortinet 2.54.0.0 12.29.2005 W32/WMF-exploit
    F-Prot 3.16c 12.29.2005 security risk or a "backdoor" program
    Ikarus 0.2.59.0 12.29.2005 Trojan-Downloader.Win32.Agent.ACD
    Kaspersky 4.0.2.24 12.29.2005 Trojan-Downloader.Win32.Agent.acd
    McAfee 4662 12.29.2005 Exploit-WMF
    Microsoft ?? 12.29.2005 no virus found
    NOD32v2 1.1343 12.28.2005 Win32/TrojanDownloader.Wmfex
    Norman 5.70.10 12.29.2005 no virus found
    Panda 9.0.0.4 12.28.2005 Exploit/Metafile
    Sophos 4.01.0 12.29.2005 Troj/DownLdr-NK
    Symantec 8.0 12.29.2005 Download.Trojan
    TheHacker 5.9.1.064 12.28.2005 Exploit/WMF
    Trend Micro 135 12.29.2005 TROJ_NASCENE.D
    UNA 1.83 12.29.2005 no virus found
    VBA32 3.10.5 12.28.2005 no virus found


    Today however it is causght...

    Microsoft ?? 12.30.2005 Exploit:Win32/Wmfap

    Just because you are a Microsoft MVP, please don't suggest a low
    quality product wjhen there
    are high quality alternatives.
    Especially when it is a security related issue !
     
    Trax, Dec 31, 2005
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.