• On MovieTome: See the TRAILER for TERMINATOR 4!
advertisementHome Phone and Internet $60/mo

December 28, 2005 4:04 PM PST

Trojan delivers unwanted gift to Windows PCs

By Elinor Mills
Staff Writer, CNET News

Related Stories

More exploits out for Windows flaws

 December 1, 2005

Trojan horse rides on unpatched IE flaw

 November 30, 2005

Code exploits Windows flaw in image file handling

 November 29, 2005
A new Trojan horse program was infecting PCs on Wednesday, exploiting a hole in Windows systems to sneak onto computers, then dropping adware or spyware or turning them into zombies, according to several Internet security companies.

The Trojan, dubbed Exploit-WMF (Windows Meta File), was rated a category 2 level risk, meaning it had the potential to continue to spread, said Dave Cole, director of security response at Symantec.

The exploit "is misusing a function in the WMF library in Windows," dropping onto the machine a downloader Trojan "that pulls down its big brother, a more sophisticated Trojan" from a server on the Internet, he said.

"Then it might try to pull down adware, spyware or a bot program," that can turn the computer into a zombie to be used for attacking other machines or sending spam, or just leave a hole on the computer through which sensitive data could be stolen, Cole said.

Kaspersky Lab rated the vulnerability "highly critical" and predicted that "new modifications of these programs may well appear in the near future."

The WMF vulnerability affects computers running Windows XP with Service Pack 1 and Service Pack 2, as well as Windows Server 2003 with Service Pack 0 and Service Pack 1. It can be exploited when an Internet Explorer user, or Firefox user under certain circumstances, visits a Web site that has malicious code on it or when a user previews .wmf format files with Windows Explorer, Kaspersky said in a statement.

The WMF library allows the computer to handle particular image types of Windows machines, Cole said. There is no patch for it yet from Microsoft, although antivirus vendors had released software to help protect against it, he said.

"Microsoft is investigating new public reports of a possible vulnerability in Windows and will continue to investigate the reports to help provide additional guidance for customers," a Microsoft spokesperson wrote in an e-mail. "Upon completion of this investigation, Microsoft will take the appropriate action to protect customers, which may include providing a fix through the monthly release process or issuing a security advisory, depending on customer needs."

Windows users can get more information about security issues at http://support.microsoft.com/security.

See more CNET content tagged:
Microsoft Windows Metafile, trojan horse, service pack, Kaspersky Lab, adware

Add a Comment (Log in or register) 90 comments (Showing first 20 comments)
Windows again?
by yrrahxob December 28, 2005 4:31 PM PST
Seems like almost every other day I hear about some new virus or something taking advantage of a "hole" in the Windows OS and then they(the brains in Redmond) start scrambling to create a new security patch. I am so glad I am switching to Linux after the first of the year. Then I won't have to worry so much about these problems. With all the resources available to M$, you would think they could develop a somewhat safer OS but with 90% of the PC's worldwide running Windows, why should they worry about it. Be careful MS, Big Linux is looking over your shoulder.
Reply to this comment View all 3 replies
This one looks bad
by Betty Roper December 28, 2005 6:38 PM PST
I'm surfing on my Debian box until it's patched.

Scoble is tracking MS response to it on his blog:

http://scobleizer.wordpress.com/
Reply to this comment
Windows, an open window for viruses.
by Kel_Solaar December 28, 2005 8:17 PM PST
It seems that windows has a tendancy to attract all sorts of viruses. Thanks Mr. Gates for creating one big piece of sh@t!

Ever heard of a OSX exploit?
Reply to this comment View reply
I got hit by the trojan &
by darblin December 29, 2005 4:36 AM PST
can you say F O R M A T...
Reply to this comment View reply
Message has been deleted.
by zscherween December 29, 2005 5:37 AM PST
Reply to this comment
Message has been deleted.
by zscherween December 29, 2005 5:37 AM PST
Reply to this comment
Message has been deleted.
by zscherween December 29, 2005 5:38 AM PST
Reply to this comment
Why it attracts attention
by Seaspray0 December 29, 2005 7:03 AM PST
Lets see... windows has about 95% of the home market so I would expect on market share alone to have 95% of the virus writers writing for a windows environment. Now lets factor in the time and effort it takes the virus writer to create a virus vs how much impact he would like to make. Should he spend all his/her time writing a virus that will only affect a few computers or on that will affect 95% of the market? So out of that 5% of virus writers who don't use windows, I would suspect 4 out of the 5% would be writing viruses for... you guessed it, windows. Now that would bring the chances of Mac and linux seeing a virus to basically "fat chance". The security of linux and Mac resides in the fact they are not garnering the attention of virus writers, and not because there are security holes that can be exploited.
Reply to this comment View all 3 replies
Another day, another MS virus
by aabcdefghij987654321 December 29, 2005 9:31 AM PST
The single most effective thing to protect yourself, never use Microsoft products. But even on the Microsoft Windows (virus) operating system you can take this to heart. Do not use IE, use Firefox or another browser. Do not use Microsoft Office, use OpenOffice or another office product. Do not use MS's media player, use WinAmp or another player. Get the picture so far? If you used a MS picture viewer, you are probably infected.
Reply to this comment View all 2 replies
Stop blaming Microsoft
by roberth December 29, 2005 12:46 PM PST
Whenever some nasty, malicious person or persons spends an unfathomable amount of time dedicated to intentionally finding a way to invade the privacy and functionality of a PC computer running M/s software, everyone blames Microsoft or Bill Gates. If it wasn't for them, most of us wouldn't be using computers. It seems that Microsoft's biggest fault is not realizing how vicious and destructive some people can be. Turn your anger on the destroyers, not the creators.
Reply to this comment View all 6 replies
Nope
by laloooji December 30, 2005 10:49 AM PST
You will defintely blame the car manufacturer if they make a lock that is so easy to pick !!!
Reply to this comment
Security Experts use Macs!
by Brad Freeman December 30, 2005 12:16 PM PST
I listen to several IT security related podcasts and visit security
websites and always seems to hear these experts say they
personally use a MAC and have bought one for their family
members too after seeing so many scary vulnerabilities in Windows
and Internet Explorer!

The Macintosh IS the condom of the internet!!
Reply to this comment View all 2 replies
Microsoft CAN NOT be allowed to profit from this...
by SmartITGUY January 4, 2006 8:26 AM PST
You KNOW, Microsoft will use this flaw to leverage users into buying new software. They will ONLY patch Windows XP, and anyone using Windows 2000 or older, who wants their systems fixed or made more secure will be FORCED to buy WIndows XP.
In alot of cases this will force people to have to buy new hardware.

So far Microsoft has seen surges in sales of Windows XP for every flaw and exploit that has come out. THIS IS VERY WRONG! Microsoft should not be rewarded for poor programming. What's to stop them from deliberately creating flaws and vulnerabilities to increase sales.

The LAW needs to step in and FORCE Microsoft to patch "EVERY" version of Windows that is affected by this flaw... AT NO COST TO THE USER.
Reply to this comment
 See all 90 Comments >>
Powered by Jive Software
advertisement

Latest tech news headlines

Resource center from News.com sponsors
You Need The Speed of Norton 2009
Introducing Norton Internet Security™2009

Click Here!
With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

Click Here!
The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

advertisement

Inside CNET News

Scroll Left Scroll Right
News
Latest news
Business tech
Green tech
Wireless
Security
Media
Popular topics
Apple iPhone
Apple iPod
Best hybrid cars
Cell phones
Dell
GPS
CNET sites
CNET TV
Downloads
News
Reviews
Shopper.com
Site map
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET