[Dshield] WMF exploit

jayjwa jayjwa at atr2.ath.cx
Fri Jan 20 11:24:36 GMT 2006

On Wed, 18 Jan 2006, Philip H. O'Neill wrote:

-> WMF exploit is flying through Yahoo groups. I have not looked at the
-> payload. In the last 2 days I received over 100 messages from various
-> groups always sized 180-181 of HXQ or UUE and 129 for PIF type files.

It's probably the one made from the FrSIRT-released one, the one that does
DownloadToFileA. Apparently it's a generator, so there will be LOTS of WMFs
that download stuff. Seems to be MSVC source; I had to make several changes to
the code to get it to compile here, but maybe my MSVC is too old...

jayjwa [ATr2 RG 2006] B628B851 Linux 2.6.15 gcc-4.0
4+ years connected 24/7.       0 virus/trojan infections
Two linux systems.             0 (spy/ad)ware incidents
A better uptime than my ISP.   0 waiting on patches
