• United States



Risk of Windows WMF Attacks Increases

Jan 04, 20062 mins
CSO and CISOData and Information Security

Attempts to exploit a flaw in Windows WMF files have “become increasingly serious over the past two days” with “significant developments … in the past few hours,” according to a New Year’s Day alert issued by iDefense.

“Risk has gone up significantly in the past 24 hours for any network still not protected against the WMF exploit.”

Attacks are carried out through a vulnerability in the way Windows XP and Windows Server 2003 handle corrupted Windows Metaile (.WMF) graphic files. So far, it appears that Windows Data Execution Prevention (DEP) software or disabling Windows’ shimgvw.dll file will block WMF attacks to date, according to iDefense.

The HappyNY.A attack has been using an e-mail with the subject “happy new year” that includes the attached file HappyNewYear.jpg. That file, actually a hostile WMF file, installs the Bifrose backdoor Trojan in the victim’s system when the file executes.

Websense Security Labs says it is tracking “several dozen” Web sites seeking to use the WMF vulnerability. More information is available on the Websense blog at

“WMF exploitation has started to take off in the wild,” iDefense spokesman Ken Dunham said in an e-mail statement. “Dozens if not hundreds of WMF exploiting sites are likely to be reported in the coming days and weeks.”

“A new, upgraded WMF exploit was posted to the public today and is highly functional,” Dunham added.

By Sharon Machlis – Computerworld (US online)