Trend Micro Virus Alert: TROJ_WMFCRASH.B

Discussion in 'malware problems & news' started by Randy_Bell, Jan 13, 2006.

Thread Status:
Not open for further replies.
  1. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    TROJ_WMFCRASH.B is a .WMF file that takes advantage of an unpatched vulnerability found in Windows Picture and Fax Viewer. It runs on Windows XP and Server 2003, and is currently spreading in-the-wild.

    The Windows Picture and Fax Viewer vulnerability is a zero-day exploit that is capable of remote code execution. Zero-day exploits are thus named because the unpatched vulnerability and its corresponding exploit code are released within the same day. This may leave systems vulnerable, due to the availability of exploit code, and the fact that the vendor has not been given enough time to patch it.

    Once this malicious .WMF file is opened, it proceeds to launch a denial of service attack in an attempt to restart or terminate the legitimate system process EXPLORER.EXE. The said action leaves an affected user unable to navigate through Windows.

    After performing its routine, this Trojan terminates itself.

    If you would like to scan your computer for TROJ_WMFCRASH.B or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

    For additional information about the TROJ_WMFCRASH.B please visit:
    http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_WMFCRASH.B
     
Loading...
Thread Status:
Not open for further replies.