Released on December 28th, the Windows .WMF exploit has been a nasty one, and according to the SANS Internet Storm Center, things will only get worse.
On December 31st, a new and improved version of
the WMF exploit had been published. The new exploit generated
WMF files that were different enough to bypass nearly
all Anti-Virus and IDS signatures. Different methods of distributing the virus, such as e-mails and instant messenger chats have already been seen in the wild, as more and more worms and trojans have been utilising the exploit to gain access to computers running the Windows operating system.
"I"ve written more than a few diaries, and I"ve often been silly or said
funny things, but now, I"m being as straightforward and honest as I can
possibly be: the Microsoft WMF vulnerability is bad. It is very,
very bad." Stated Tom Liston in the SANS Internet Storm Center Diary.
SANS and many other security sites recommend un-registering
Shimgvw.dll (Microsoft picture and fax viewer) and using the unofficial patch to protect aginst the virus, until Microsoft can release an official patch. A virus scanner isn"t enough to protect against some of the more advanced variants of the exploit.
"The word from Redmond isn"t encouraging. We"ve heard nothing to
indicate that we"re going to see anything from Microsoft before January
9th." Said Liston in the diary.