January 4, 2006 2:41 PM PST
Windows users swamp WMF patch site
Ilfak Guilfanov's personal Web site was switched off by his hosting provider on Wednesday morning after hordes of Microsoft users scrambled to download his unofficial patch against the WMF vulnerability, according to antivirus company F-Secure.
The site was temporarily closed as "half the planet tried to download WMFFIX_HEXBLOG.EXE", F-Secure reported in its blog.
Microsoft has advised businesses not to use the patch, as the company cannot guarantee it will work. But with no official patch due to be released until next week, security experts are urging businesses to use the unofficial patch because of the serious nature of the WMF vulnerability.
The WMF flaw can be used by malicious software to surreptitiously install spyware on a user's PC or allow a hacker to control the machine remotely.
Several attacks have been detected since late December, and on Wednesday, experts detected another Trojan horse that exploits the flaw. F-Secure warned that the Trojan was spreading in spam e-mails labeled as coming from Yale University.
To minimize risk from the Trojan, system administrators have been advised by F-Secure to block user access to the following:
HTTP access to playtimepiano(dot)home(dot)comcast(dot)net
TFTP (i.e., UDP) access to 126.96.36.199
IRC access to 188.8.131.52:8080
IRC access to 184.108.40.206:8080
IRC access to 220.127.116.11:8080
IRC access to 18.104.22.168:8080
IRC access to 22.214.171.124:8080
F-Secure warned businesses and system administrators not to visit the HTTP address.