Support Downloads
support Threat Info Center
Sybari Virus Alert
Exploit-WMF trojan High severity 03-Jan-2006
Aliases:  Exploit.Win32.IMG-WMF.a, Troj/DownLdr-QB
Downloads backdoor trojan
The trojan seen at the time of writing was spammed out in email, using the attachment name HappyNewYear.jpg (note that the file is not a true JPG file). This trojan will attempt to download another trojan when it executes. This is a Bifrose backdoor trojan which can give an attacker access to your computer.


For Windows platforms, users must set the "ScanAllAttachments" registry value to 1 for this filetype to be detected.

For Domino platforms, the following can be done:
  1. Open the "notes.ini" file.
  2. Add the ".JPG" and ".WMF" extension to the "AntigenAveExts" parameter.
  3. Save the file.
  4. Recycle services.
See Microsoft Security Advisory (912840), Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution.
Scan Engine Version
Computer Associates
Kaspersky Labs
Network Associates
Norman Data Defense