The Antivirus Guy Blog

Keeping people up to date with antivirus and security information

Panda Software – WMFMaker – WMF virus construction tool

I am sure we all knew that this was on the way; too bad all the script kiddies are back in school.

Panda Software – WMFMaker.

Brief Description
WMFMaker is a virus constructor, which allows images to be created in WMF (Windows MetaFile) format that exploit a critical vulnerability in the Graphics Rendering Engine on Windows 2003/XP/2000/Me/98 computers. This vulnerability affects the library GDI32.DLL, which is used by the Windows Picture and Fax Viewer, Internet Explorer and Outlook, among other programs.

WMFMaker can be used to create images that run any type of malicious code on the affected computer, such as Trojans, worms or any other type of malware.

These malicious WMF images are then distributed using several methods: they can be hosted on a malicious website, sent via email, etc. When such a specially crafted WMF image is opened on a vulnerable computer, the code included within is executed, thus compromising the computer.

Currently, Microsoft has not released a security patch for the vulnerability, but its Security Advisory 912840 addresses it.

As temporary measures, the following are recommended:

  • Read emails in plain text.
  • Do not click on links sent by unknown senders via email or instant messaging programs.
  • If you have a Windows XP computer, enable DEP (Data Execution Prevention).

Visible Symptoms
WMFMaker is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.

January 3, 2006 - Posted by | Antivirus News, Security News
