The Antivirus Guy Blog

Keeping people up to date with antivirus and security information

SANS – Internet Storm Center – Oldest infected .wmf?

Handler’s Diary January 4th 2006

Oldest infected .wmf? (NEW)

Published: 2006-01-04
Last Updated: 2006-01-04 22:28:20 UTC by Marcus Sachs (Version: 1)

We have a little project for all of the forensic treasure hunters out there.  As you all know, the .wmf issue came into public view about a week ago.  Since then, we’ve found that there are infected .wmf files with dates going back several weeks, so this little beauty has been around for a while.  What we are looking for are any confirmed intrusions earlier than the first of December 2005 that can be traced to this current vulnerability.  By confirmed, we mean that not only is the date of an infected .wmf file on a compromised system earlier than December 1st, but you can also prove that it was installed prior to December 1st and had some type of malicious payload embedded in it.  Tell us whatever you can share, and we’ll summarize the details for others.  There’s no prize for the earliest detect, but we are pretty sure that many would be interested in knowing how long this vulnerability has been actively exploited.

SANS – Internet Storm Center – Cooperative Cyber Threat Monitor And Alert System.

January 4, 2006 - Posted by | Antivirus News, Security News
