MS Confirms WMF Flaw, Variants Spread
Microsoft acknowledged late Wednesday the existence of a zero-day exploit for Windows Metafile images, and said it was looking into ways to better protect its customers. Even worse, by the end of the day nearly 50 variants of the exploit had already appeared.
One security company said the possibilities were endless on how the flaw could be exploited. "This vulnerability can be used to install any type of malicious code, not just Trojans and spyware, but also worms, bots or viruses that can cause irreparable damage to computers," said Luis Corrons of Panda Software.
Attempting to allay fears, Microsoft said there would be no way for an attacker to force a user to visit a malicious Web site. However, Sunbelt vice president of Research and Development Eric Sites said there were ways to easily get around that issue.
"For example, take the latest craze of posting spam in blog talkbacks," Sites said. "How would you like to be reading your favorite blog, click the talkback link and get infected so badly your only option is to reinstall your operating system."
While most trackback spam is obvious in Web logs, spammers have gotten craftier in recent months in getting users to click links.
According to Panda Software, the following Web sites are being used to exploit the vulnerability: toolbarbiz.biz, toolbarsite.biz, toolbartraff.biz, toolbarurl.biz, buytoolbar.biz, buytraff.biz, iframebiz.biz, iframecash.biz, iframesite.biz, iframetraff.biz and iframeurl.biz.
The company estimates the amount of computers infected by the flaw at 1.48 percent.
Microsoft in its advisory was vague as to how it planned to deal with the issue. "[The fix] will include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs," the company wrote.
The company cautioned users from opening e-mail or clicking links in e-mail from non-trusted sources as a way to avoid being infected.
Jupiter Research senior analyst Joe Wilcox says that the problem is happening at an unfortunate time for Microsoft.
"It's a holiday week, where the company might not be running full staff," he said. "Additionally, the last week of the year tends to be a slow high-tech news period, so the WMF security vulnerability is getting lots of attention."