| Exploit-WMF trojan |
High severity |
03-Jan-2006 |
| Aliases: Exploit.Win32.IMG-WMF.a, Troj/DownLdr-QB |
Downloads backdoor trojan
The trojan seen at the time of writing was spammed out in email, using the attachment name HappyNewYear.jpg (note that the file is not a true JPG file). This trojan will attempt to download another trojan when it executes. This is a Bifrose backdoor trojan which can give an attacker access to your computer.
****PLEASE NOTE****
For Windows platforms, users must set the "ScanAllAttachments" registry value to 1 for this filetype to be detected.
For Domino platforms, the following can be done:
- Open the "notes.ini" file.
- Add the ".JPG" and ".WMF" extension to the "AntigenAveExts" parameter.
- Save the file.
- Recycle services.
See Microsoft Security Advisory (912840), Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution.
http://www.microsoft.com/technet/security/advisory/912840.mspx
|
|
| Computer Associates |
|
| Kaspersky Labs |
|
| Network Associates |
|
| Norman Data Defense |
|
| Sophos |
|
| VirusBusters |
|
| Command |
|
| AhnLab |
|
|