[Dshield] WMF exploit

Tom dshield at oitc.com
Wed Jan 18 20:40:18 GMT 2006


At 11:02 AM -0500 1/18/06, Mark Tombaugh wrote:
>On Wed, 2006-01-18 at 07:32 -0700, Philip H. O'Neill wrote:
>>  WMF exploit is flying through YaHoo groups. I have not looked at the
>>  payload. In the last 2 day I received over 100 messages from various
>>  groups always sized 180-181 of HXQ or UUE and 129 for PIF type files.
>
>I don't think these are exploiting WMF. Sounds more like:
>
>http://www.sophos.com/virusinfo/analyses/w32nyxemd.html
>http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%
>5FGREW%2EA&VSect=T

ClamAV calls it Worm VB-8


-- 

Tom Shaw - Chief Engineer, OITC
<tshaw at oitc.com>, http://www.oitc.com/
US Phone Numbers: 321-984-3714, 321-729-6258(fax), 
321-258-2475(cell/voice mail,pager)
Text Paging: http://www.oitc.com/Pager/sendmessage.html
AIM/iChat: trshaw at mac.com
skype: trshaw


More information about the list mailing list