December 28, 2005 4:04 PM PST

Trojan delivers unwanted gift to Windows PCs

A new Trojan horse program was infecting PCs on Wednesday, exploiting a hole in Windows systems to sneak onto computers, then dropping adware or spyware or turning them into zombies, according to several Internet security companies.

The Trojan, dubbed Exploit-WMF (Windows Meta File), was rated a category 2 level risk, meaning it had the potential to continue to spread, said Dave Cole, director of security response at Symantec.

The exploit "is misusing a function in the WMF library in Windows," dropping onto the machine a downloader Trojan "that pulls down its big brother, a more sophisticated Trojan" from a server on the Internet, he said.

"Then it might try to pull down adware, spyware or a bot program," that can turn the computer into a zombie to be used for attacking other machines or sending spam, or just leave a hole on the computer through which sensitive data could be stolen, Cole said.

Kaspersky Lab rated the vulnerability "highly critical" and predicted that "new modifications of these programs may well appear in the near future."

The WMF vulnerability affects computers running Windows XP with Service Pack 1 and Service Pack 2, as well as Windows Server 2003 with Service Pack 0 and Service Pack 1. It can be exploited when an Internet Explorer user, or Firefox user under certain circumstances, visits a Web site that has malicious code on it or when a user previews .wmf format files with Windows Explorer, Kaspersky said in a statement.

The WMF library allows the computer to handle particular image types of Windows machines, Cole said. There is no patch for it yet from Microsoft, although antivirus vendors had released software to help protect against it, he said.

"Microsoft is investigating new public reports of a possible vulnerability in Windows and will continue to investigate the reports to help provide additional guidance for customers," a Microsoft spokesperson wrote in an e-mail. "Upon completion of this investigation, Microsoft will take the appropriate action to protect customers, which may include providing a fix through the monthly release process or issuing a security advisory, depending on customer needs."

Windows users can get more information about security issues at http://support.microsoft.com/security.

90 comments

Windows again?
Seems like almost every other day I hear about some new virus or something taking advantage of a "hole" in the Windows OS and then they (the brains in Redmond) start scrambling to create a new security patch. I am so glad I am switching to Linux after the first of the year. Then I won't have to worry so much about these problems. With all the resources available to M$, you would think they could develop a somewhat safer OS but with 90% of the PCs worldwide running Windows, why should they worry about it. Be careful MS, Big Linux is looking over your shoulder.
Posted by yrrahxob (77 comments )
Yeah, right.
As if Linux never had a vulnerability, a virus or a zero day exploit.
Posted by Hernys (744 comments )
And We are Glad you are switching too...
Since Linux is one of the most hit OS's on the market.

Fred Dunn
Posted by fred dunn (793 comments )
Linux vehicles are without luxury
Deciding to change to Linux, from Microsoft, is like driving from point A to point B. With Linux, you are in a basic car, with few options, and the road you take is a two-lane road with few other cars. With Windows, you are in a car with more options than you most would ever use, but it is there if you want it. The road is an 8-lane highway with a number of cars on it. You will get there faster, but you have to be careful about what you are doing and about roadside stops you might take. In the end, common sense and basic precautions will allow a person to get from point A to point B in high fashion. Why make the trip uncomfortable if all you need is common sense to protect your vehicle?
Posted by tutcity (22 comments )
This one looks bad
I'm surfing on my Debian box until it's patched.

Scoble is tracking MS response to it on his blog:

http://scobleizer.wordpress.com/
Posted by Betty Roper (121 comments )
Windows, an open window for viruses.
It seems that Windows has a tendency to attract all sorts of viruses. Thanks Mr. Gates for creating one big piece of sh@t!

Ever heard of an OSX exploit?
Posted by Kel_Solaar (5 comments )
Um, what is OSX?
Funny - if it is so secure, why aren't more people running it?

;)
Posted by Milly Staples (24 comments )
I got hit by the trojan &
can you say F O R M A T...
Posted by darblin (1 comment )
I got hit too
Didn't have to format, scanned like 3 times with MS AntiSpyware... good as new
Posted by ArT_Ownz (2 comments )
Why it attracts attention
Let's see... Windows has about 95% of the home market so I would expect on market share alone to have 95% of the virus writers writing for a Windows environment. Now let's factor in the time and effort it takes the virus writer to create a virus vs how much impact he would like to make. Should he spend all his/her time writing a virus that will only affect a few computers or one that will affect 95% of the market? So out of that 5% of virus writers who don't use Windows, I would suspect 4 out of the 5% would be writing viruses for... you guessed it, Windows. Now that would bring the chances of Mac and Linux seeing a virus to basically "fat chance". The security of Linux and Mac resides in the fact they are not garnering the attention of virus writers, and not because there are security holes that can be exploited.
Posted by Seaspray0 (9714 comments )
Uh, let's see...
An Operating System that is completely vulnerable and allows anything to make system-level changes without authorization is much easier to attack than an OS that does not. OS X and most flavors of Linux will always ask for an admin password before installing something on the system. Windows doesn't. Windows says "Hi, thing. Come inside and rape me!"

So, when all of those contests were out to award someone for writing a Mac virus ended with no winner, we could see that OS X is much harder than Windows. Sorry, it's true.

Windows is a program-by-numbers system. Just about anyone with a DUMMIES book can do it.
Posted by (461 comments )
It attracts attention because it's so vulnerable
If having only 5% of the market helps, great, I like that. Anti-virus programs are a waste of drive space on a Mac. I've been using Macs for over 10 years and never yet seen a virus on any of my Macs. Bought a PC a couple of years ago for gaming and within 30 minutes of going online it was infected. Took a CAD class at the local community college and they had system wide viruses on every PC I used while there. I would clean them off my workstation and next time I came in to class they were back again.
Posted by Swamphick (4 comments )
You based that ASSumption on bad data
80% of the web servers are non-Microsoft, yet 99.99% of the attacks, defacings and holes exploited are due to Microsoft vulnerabilities. Explain that one!
http://news.netcraft.com/archives/web_server_survey.html
Posted by aabcdefghij987654321 (1721 comments )
Another day, another MS virus
The single most effective thing to protect yourself, never use Microsoft products. But even on the Microsoft Windows (virus) operating system you can take this to heart. Do not use IE, use Firefox or another browser. Do not use Microsoft Office, use OpenOffice or another office product. Do not use MS's media player, use WinAmp or another player. Get the picture so far? If you used a MS picture viewer, you are probably infected.
Posted by aabcdefghij987654321 (1721 comments )
Read the story
It hit Firefox browsers too, so you can't say it is only MS. The Firefox browser was vulnerable.
Posted by techguy83 (295 comments )
Another day, another MS virus
I'm sure this logic appeals to techno-freaks, but it sure pisses off most of us business and personal users who would just rather use the most widely accepted platforms and integrated support products out there. I've tried Mozilla and Firefox and tons of other similar products over the years, but the simple fact is that nothing yet has been so overwhelmingly superior to the off-the-shelf MS equivalent to maintain my interest, with the single exception of Adobe Photoshop. The best gift I could find in my Christmas stocking would be an end to all the techno-anarchists who have an axe to grind with MS. I'd love to deposit a nuclear worm right in the middle of their hard-drives from which they would never recover.
Posted by fbcx (7 comments )
Stop blaming Microsoft
Whenever some nasty, malicious person or persons spends an unfathomable amount of time dedicated to intentionally finding a way to invade the privacy and functionality of a PC computer running M/s software, everyone blames Microsoft or Bill Gates. If it wasn't for them, most of us wouldn't be using computers. It seems that Microsoft's biggest fault is not realizing how vicious and destructive some people can be. Turn your anger on the destroyers, not the creators.
Posted by roberth (1 comment )
What creators?
You must be very young. Either that, or you simply weren't paying any attention over the last twenty five years.

If it weren't for Microsoft and Bill Gates, the GUI would have been accepted five years sooner than it was, and innovation wouldn't have been stifled by an insane desire to be "compatible" with an OS that was obsolete by the early 80's. What's more, one or more of the other OSes, each of which is inherently more secure than Windows, would have occupied the space Windows does now. We would all be much better off.
Posted by Macsaresafer (802 comments )
question
What has Microsoft created? Can you even name one thing that they invented? Please help me as I have been struggling with this "innovation, innovation, innovation" mantra.
Posted by Johnny Mnemonic (374 comments )
But, it is MS that deserves 110% of the blame! Read on...
If a car maker sells me an auto here in the states, and waits for accidents to happen before fixing faulty parts...someone would be going to jail.

MS security vulnerabilities have cost lives, plain and simple. Bill Gates should spend the rest of his pathetic life in jail.
Posted by aabcdefghij987654321 (1721 comments )
Good point, but...
Robert, as a (relatively) happy Microsoft customer I appreciate your frustration that illegal actions by attackers are sort of taken for granted, but MS can't get off on this. If they enjoy the benefits of owning 90% of the world's desktops, they have to bear the responsibility when those customers are exposed to flaws.

On a positive note: MS has issued instructions (seen elsewhere on the Net) about closing the attack vector by unregistering the broken .dll:

http://www.microsoft.com/technet/security/advisory/912840.mspx

(Go to Suggested Actions: Workarounds) and McAfee VirusScan has already been updated to block infection.
Posted by Betty Roper (121 comments )
I totally agree
I would love to get my hands on one of these lowlifes that write this garbage. You do not blame the auto manufacturer when some other lowlife breaks into your car or slashes the tires. You do not blame the pizza maker if someone puts poison on it after you get it.
I am so sick of the blame game, blaming everyone but the perp.
Posted by D-Baer (7 comments )
Blame MS, it's a design flaw!!!!
The flaw is built-in to WMF handling, MS fan-boy!!!

WMFs can run arbitrary code by design.

Stop your blind, ignorant boosterism.
Posted by 203129769353146603573853850462 (97 comments )
Nope
You will definitely blame the car manufacturer if they make a lock that is so easy to pick!!!
Posted by laloooji (23 comments )
Security Experts use Macs!
I listen to several IT security related podcasts and visit security websites and always seems to hear these experts say they personally use a MAC and have bought one for their family members too after seeing so many scary vulnerabilities in Windows and Internet Explorer!

The Macintosh IS the condom of the internet!!
Posted by Brad Freeman (9 comments )
I prefer Linux
But Mac's are infinitely more attractive ;)

To each his own I guess.
Posted by Johnny Mnemonic (374 comments )
preach on!!
I'm the only one in my family that uses a mac, and I really enjoy laughing at my parents and sister when they tell all of their horror stories about the times when they got viruses and ended up having to wipe their whole drive or spend hours and hours ridding their computers of all kinds of viruses:]

-Your average 14-year-old mac geek
Posted by computerbandgeek (3 comments )
Microsoft CAN NOT be allowed to profit from this...
You KNOW, Microsoft will use this flaw to leverage users into buying new software. They will ONLY patch Windows XP, and anyone using Windows 2000 or older, who wants their systems fixed or made more secure will be FORCED to buy Windows XP.
In a lot of cases this will force people to have to buy new hardware.

So far Microsoft has seen surges in sales of Windows XP for every flaw and exploit that has come out. THIS IS VERY WRONG! Microsoft should not be rewarded for poor programming. What's to stop them from deliberately creating flaws and vulnerabilities to increase sales?

The LAW needs to step in and FORCE Microsoft to patch "EVERY" version of Windows that is affected by this flaw... AT NO COST TO THE USER.
Posted by SmartITGUY (9 comments )