A New Windows Vulnerability Is Being Exploited to Infect Computers

A critical and unresolved vulnerability in almost all Windows operating systems is being actively used to infect users' computers with all types of malicious code. PandaLabs has encountered files on numerous web pages that make use of this vulnerability through an exploit (a program that takes advantage of a security flaw). Trojans, spyware and adware are being installed on the computers of users who visit these pages.

This vulnerability lies in the way Windows handles WMF (Windows Metafile) files, so all applications that can process this type of file are affected. These include Internet Explorer, Outlook and Windows Picture and Fax Viewer.

According to data from PandaLabs, the malicious code being installed on systems through this vulnerability includes known specimens such as SpyAxe, an adware program that shows an icon claiming that the computer is infected while displaying a message offering and installing a tool to disinfect it. When users double-click on this message, a web page appears from which the tool can be downloaded free of charge. Once the tool is installed and the system has been scanned, users are informed of the spyware and adware detected. However, the tool will not remove them unless the user returns to the web page to buy the product.

The following websites are being used to spread malware through this exploit:


Panda ActiveScan can detect this vulnerability (detected as "Metafile" by PandaLabs) on computers. According to preliminary figures, 1.84% of the computers that have used ActiveScan since the detection was updated were found to be infected. In the U.S., it is currently the vulnerability most frequently detected by Panda ActiveScan.



© 2005 Computing News