[Dshield] WMF "wait for us" (Interjection)

M Cook dshieldlists at versateam.com
Sat Jan 7 00:12:35 GMT 2006

Bryan Hill wrote:

>I am sorry for introducing another variable into this discussion.
>However, can someone kindly tell me if the patch fixes computers which
>are already compromised by the WMF file?
>If not, can someone please point me to the right direction for a fix for
>that is already thrashed!!!

The examples I've seen cited all point to the WMF simply downloading and 
installing relatively well-known malicious packages -- backdoors, 
keyloggers, etc. These should be detectable by the usual methods. One of 
the online scanning services would be a good start.

On the other hand, unless you can prove that you have removed all of the 
bad things (which you probably cannot do), you should be suspicious that 
there's something else lurking on the compromised machine. The best way 
to fix it is to format the hard drive and reinstall everything from 
known-good media.

