Zero-Day Malware Warning

Severity: EXTREMELY High
Issued: 12/29/2005
Updated: 01/06/06

A new, highly dangerous exploit is circulating on the Internet. It takes advantage of an unpatched and previously unknown vulnerability in the Windows graphics rendering engine. Users are directed via e-mail to visit a web site containing a picture in Windows MetaFile (.WMF) format. Once the web site is visited, the Windows graphics rendering engine automatically tries to display the image, which executes the malware. Once the exploit is set in motion, the malware has full SYSTEM privileges, which means that it can install anything on the user's computer and give the attacker complete access to the user's PC.

Any application that displays images (.WMF files) automatically can cause the computer to be infected. In addition, a .WMF file can be disguised with another image extension such as .JPG, .GIF, or .BMP. Therefore, if a .WMF file is renamed with another graphic file extension, firewalls will not catch it.
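Because a renamed .WMF file slips past extension-based filtering, a gateway or mail filter has to identify the file by its header bytes instead of its name. The following is an added example, not part of the original advisory: the function names and the sample byte strings are constructed for illustration, and the header check is a heuristic on the first six bytes.

```python
import os
import struct

# Key of the 22-byte "placeable" WMF header (0x9AC6CDD7, stored little-endian).
PLACEABLE_MAGIC = b"\xd7\xcd\xc6\x9a"

def is_wmf(data: bytes) -> bool:
    """Return True if the leading bytes look like a Windows Metafile header."""
    if data[:4] == PLACEABLE_MAGIC:
        return True
    if len(data) < 6:
        return False
    # Standard header: file type (1 = memory, 2 = disk), header size in
    # 16-bit words (always 9), format version (0x0100 or 0x0300).
    ftype, header_words, version = struct.unpack_from("<HHH", data)
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def disguised_wmf(filename: str, data: bytes) -> bool:
    """True when the content is WMF but the name carries a different extension."""
    ext = os.path.splitext(filename)[1].lower()
    return is_wmf(data) and ext != ".wmf"

def scan(samples: dict) -> list:
    """Return the names of all samples whose extension hides WMF content."""
    return [name for name, data in samples.items() if disguised_wmf(name, data)]

# Constructed sample inputs: headers only, no real image data.
SAMPLES = {
    "holiday.jpg": b"\x01\x00\x09\x00\x00\x03" + b"\x00" * 12,  # WMF renamed .jpg
    "logo.gif": PLACEABLE_MAGIC + b"\x00" * 18,                 # placeable WMF renamed .gif
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 14,            # genuine JPEG header
    "chart.wmf": b"\x02\x00\x09\x00\x00\x03" + b"\x00" * 12,    # WMF with its own extension
    "icon.bmp": b"BM" + b"\x00" * 16,                           # genuine BMP header
}

if __name__ == "__main__":
    for name in scan(SAMPLES):
        print(f"{name}: WMF content under a non-.wmf extension")
```
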

The WMF vulnerability specifically affects Windows 2000, Windows XP, and Windows Server 2003. It can also be exploited through Internet Explorer (IE), Firefox, Opera, and Outlook. Furthermore, fully patched and updated Windows XP SP2 systems do not stop it, which leaves everyone vulnerable.

What to do?

Microsoft has finally released an early, out-of-cycle update to correct this problem. Windows administrators should download, test and deploy the corresponding update immediately:

Also, warn all users to remain aware of this new threat and to avoid visiting URLs that contain links to .WMF files.

Please check back with us for updated information about this malware as well as new patches and solutions.

General Tips and Hints for your Security

New viruses and spyware appear on a daily basis. Always check the recommended virus alerts from your security company or firewall company. These are a few things you can do to protect yourself from viruses.
  • Keep your passwords private, even from your friends and coworkers! Your online services will never ask for them, so neither should anyone else.
  • Always delete unknown e-mail attachments without opening them. They can contain destructive viruses and malware.
  • Remember that nothing you write on the Web is completely private -- including e-mail. So be careful and think about what you type and who you tell.
  • Avoid posting your e-mail address on the web to protect yourself from spammers.
  • If you are a remote user, protect your home network environment as if it were your business.
  • Do not respond to unsolicited e-mails, even if they provide you with a link to unsubscribe.
  • Always keep your virus software up to date.
  • Don’t let other people, such as friends or co-workers, use your computer without your supervision.
  • Lock your computer when you walk away from your desk.

When in doubt, call an IT professional. You can always reach us at 859.491.5900 or e-mail us.