John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England
| Arafat worm exploits new MS vuln
»www.theregister.co.uk/2004/11/17···at_worm/
By John Leyden
Published Wednesday 17th November 2004 09:15 GMT
A worm which exploits curiosity about the death of Yasser Arafat is the first to exploit the known Extended MetaFiles vulnerability.
Aler is a network worm that was widely bulk-mailed with the subject "Latest News about Arafat!!!". These infected emails had two attachments, one a clean JPEG file and the other an infected EMF file, according to anti-virus firm F-Secure.
The EMF file exploits a well-known Windows vulnerability (MS04-032) to install the worm onto systems when the attachment is opened.
Thereafter, Aler spreads across network shares and hosts with weak user passwords. The worm's payload is a connection proxy that allows the attacker to initiate network connections through an infected computer. This feature could be used to send spam or attack other computers.
F-Secure rates Aler - which only infects Windows PCs - as a medium category nuisance. Standard precautions apply - vigilance about unsolicited messages, updating AV protection, use of stronger passwords, tin-foil hats etc. ®
--
Better to remain silent and be thought a fool, than to speak and remove all doubt. |
|
jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
Scottsdale, AZ | Fortunately, attachments and Arafat have 2 things in common. I don't like either so would never have a problem with this one in the first place. In my home they're both dead upon arrival.:D |
|
ironwalker
World Renowned
Premium,MVM
join:2001-08-31
Keansburg, NJ
clubs: | reply to John2g
Arafat worm?
Must hide well and keep quiet...;) |
|
Martinus
Premium
join:2001-08-06
EU
3 edits | said by ironwalker  :Arafat worm? Must hide well and keep quiet...;) Was supposed to be buried in a concrete coffin so he couldn't come back to haunt anyone.
Guess they should have wrapped him in tin foil too.
--
From the GSV "Ethics Gradient" |
|
