Malware type: Trojan

Aliases: Exploit.Win32.IMG-WMF (Kaspersky), Exploit-WMF (McAfee), Downloader (Symantec), EXP/MS06-001.WMF (Avira), Exp/WMF-A (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows NT, 2000, XP, Server 2003

Encrypted: No

Description: 

This Trojan is a Windows Metafile (WMF) that exploits a known vulnerability in the way specially-crafted WMF images are handled that can lead to arbitrary code execution. For more information about this vulnerability, please refer to this page:

Microsoft Security Bulletin MS06-001

This vulnerability is a zero-day exploit that is capable of remote code execution. Zero-day exploits are termed as such because the unpatched vulnerability and its corresponding exploit code are released within the same day. This may pose as a dangerous situation in which a lot of computers may be affected due to the availability of exploit code, and the fact that the vendor has not been given enough time to patch it.

Upon successful exploitation of this vulnerability, this Trojan connects to a certain Web site and downloads a certain file. Trend Micro detects the said file as ADW_EXFOL.A.

For additional information about this threat, see:
Solution
Technical Details

Description created: Dec. 29, 2005 8:09:41 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.