[Dshield] WMF exploit
jayjwa at atr2.ath.cx
Fri Jan 20 11:24:36 GMT 2006
On Wed, 18 Jan 2006, Philip H. O'Neill wrote:
-> WMF exploit is flying through Yahoo groups. I have not looked at the
-> payload. In the last 2 days I received over 100 messages from various
-> groups always sized 180-181 of HXQ or UUE and 129 for PIF type files.
It's probably the one made from the FrSIRT released one, the one that does
DownloadToFileA. Apparently it's a generator, so there will be LOTS of WMFs
that download stuff. Seems to be MSVC source; I had to make several changes to
the code to get it to compile here, but maybe my MSVC is too old...
jayjwa [ATr2 RG 2006] B628B851 Linux 2.6.15 gcc-4.0
4+ years connected 24/7. 0 virus/trojan infections
Two linux systems. 0 (spy/ad)ware incidents
A better uptime than my ISP. 0 waiting on patches