Windows zero day nightmare exploited

By byte
in Back Page News

 Share

Recommended Posts

Experienced

byte

Posted
Posted

F-SECURE, Bugtraq and a number of other security aware outfits have warned of a zero day vulnerability that's being actively exploited as we write.

Fully patched Windows XP SP2 machines are vulnerable and there's no known fix as yet.

A number of trojans are being distributed using the vulnerability, related to Windows' image rendering.

F-Secure says you can get blatted if you visit a site with an image file containing the exploit. IE users may automatically be infected. Firefox users can get infected if the image file is downloaded. There's more solid advice at F-Secure. We await a patch from Microsoft.

Full article and source

Link to comment
https://www.neowin.net/forum/topic/413457-windows-zero-day-nightmare-exploited/
Share on other sites
Mentor

RootWind

Posted
Posted

NOD32 detected a trojan yesterday in my system32/c2c.dll, it's called Win32/Delf.AHV. Any relation to this?

Doubt it, if this was really zero day, then NOD32 would give the generic heuristic detection (NewHeur* something like that), and not a name (unless the news source is a bit late, which it might be).

Grand Master

mAcOdIn Veteran

Posted
  • Veteran
Posted

sounds pretty creepy. but using irfanview and firefox is it that serious?

Well using firefox it sounds like you'd have to accept to download the file and then view it in IE or explorer, so I'd say the chances of getting infected via firefox is slim for most of us as we wouldn't accept a download at random.

Mentor

RootWind

Posted
Posted (edited)

Just in time for work tomorow, if this realy is true then is the attack ment to happen today or in the next 24 hours?

Well it's been spreading in the last 24 hours apparently. It's not really an "attack" where someone is actively attacking something, but you still need to make the user do something (go to a website).

Edit: Well that's interesting. I guess McAfee VS Enterprise is pretty useful since it is able to block it with its Buffer Overflow protection. Does anyone know if the buffer overflow protection from AMD and Intel do anything?

Edited by DefensiveCore
Proficient

yodat

Posted
Posted

Doubt it, if this was really zero day, then NOD32 would give the generic heuristic detection (NewHeur* something like that), and not a name (unless the news source is a bit late, which it might be).

Yes, NOD32 detects the malwares which uses this exploit from update 1.1342.

http://www.wilderssecurity.com/showthread.php?t=113132

Grand Master

+Elі Subscriber²

Posted
  • Subscriber²
Posted (edited)

Yes this is out in the open as we speak, I have seen three computers already infected by This in the last two days, The previous link will just take you to a page where you can view information on the exploit, It's REALLY nasty and spreading quickly, ANY XP machine fully patched can get instantly infected if you just view a website containing the exploint while using Internet Explorer.

I have also explained how to remove one of the variants of this exploit Here

Edited by Ely
Mentor

madnuke

Posted
Posted

Ok, now on action stations I've seen that this before only today at work, when we going to be able to get a patch from Microsoft or some updated virus protection files. If this exploit is published it could be another few varients of it.

Mentor

RootWind

Posted
Posted

Ok, now on action stations I've seen that this before only today at work, when we going to be able to get a patch from Microsoft or some updated virus protection files. If this exploit is published it could be another few varients of it.

Looks like almost every AV has an update for it already.

Mentor

BigCheese

Posted
Posted

OOOHHHHH!

"Over the last 24 hours, we've seen three different WMF files carrying the zero-day WMF exploit. We currently detect them as W32/PFV-Exploit.A, .B and .C."

Yesterday, I went to some dodgy website (using Maxthon), and it kept asking to download some random wmf file. Luckily I didn't.

Grand Master

+Elі Subscriber²

Posted
  • Subscriber²
Posted

It's funny how yesterday you would make a search on this board for SpySheriff and you would get no results, Just make a search for it now and you'll see how fast it's going........ This is a nasty nasty infection.

Mentor

madnuke

Posted
Posted

This is looking partically nasty and time consuming to us PC techs, I think its going to be best to format untill there is some easy removal tool or Microsoft patchs it as most normal savy pc users wont know about this, half of them wont even know what a a .wmf is.

Grand Master

+Elі Subscriber²

Posted
  • Subscriber²
Posted

Here is a video on how this thing behaves one you are infected, telling by the info so far it looks like there's lots of different variants of it, it always works using different antyspyware hoax programs:

Video Here

and Here it is a link to the full article with the video.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • AMD 9070XT

      By cooky560 · Posted

      Well I've done a grand total of nothing, and it now clocks between 2010mhz and 1995mhz (stock is 1710mhz) and hovers around 80c, warmer than it used to, but tolerable clocks seem to have returned. Thanks for all the advice on this thread. Will review the evidence and make a choice.
    • Microsoft hides these secret Windows 11 performance boost settings available on every PC

      By ExPat · Posted

      Looking forward to the test results.
    • Audacious 4.6.1

      By Copernic · Posted

      Audacious 4.6.1 by Razvan Serea Audacious is a lightweight, open-source audio player that emphasizes simplicity, performance, and sound quality. Designed for Linux, Windows, and macOS, it supports a wide range of audio formats, internet radio streaming, and playlist management. Users can customize the interface with Winamp-style skins or modern themes, making it flexible for different preferences. Audacious also includes an equalizer, advanced audio effects, and a plugin system for extending functionality. Its low resource usage makes it especially suitable for older computers or users who value efficiency without sacrificing playback quality. Audacious key features: High audio quality – delivers clean, gapless playback with minimal distortion. Wide format support – plays MP3, FLAC, Ogg Vorbis, AAC, WAV, WMA, and more. Internet radio streaming – supports Shoutcast, Icecast, and other online streams. Winamp skin support – classic, nostalgic look for users who prefer the old-school style. Modern GTK-based interface – clean, simple UI with a more modern feel. Customizable themes – change appearance through skins and themes. Advanced playlist management – organize, save, and edit playlists with ease. Equalizer – fine-tune audio output with a built-in graphical equalizer. Audio effects – built-in DSP options like crossfade, replay gain, and more. Plugin system – extend functionality with additional components. File metadata support – displays and organizes music based on tags. Drag-and-drop support – quickly add songs or playlists. Global hotkey support – control playback without switching windows. Bit-perfect output modes – bypass system mixers for pure audio output. ReplayGain support – normalizes track loudness automatically. Cue sheet support – play entire albums from a single audio file with .cue. MPRIS2 integration – integrates with Linux desktop environments for media controls. Advanced resampling options – adjust playback quality with different resampler settings. Gapless playback – seamless transition between tracks encoded properly. Crossfade plugin – blend one song into the next smoothly. Last.fm scrobbling plugin – track listening history online. Remote control support – control Audacious via command-line or scripts. Lyrics plugin – display song lyrics if available. Alarm / timer plugin – start or stop playback at set times. SOX resampler plugin – high-quality resampling for audiophiles. Spectrum analyzer / visualization plugins – visual feedback while playing music. Headphone crossfeed effect – simulates speaker listening for headphones. Customizable buffer size – tweak latency and playback smoothness. Audacious 4.6.1 changelog: Use XDG cache dir to store temporary files (#1817) Accept embedded lyrics in more cases (#1818) Bump .so and plugin ABI versions retrospectively (#1819) Include Georgian translation (#1820) Fix build on systems using musl instead of glibc (#1823) Download: Audacious 4.6.1 | 48.2 MB (Open Source) Download: Portable Audacious 4.6.1 | 69.8 MB View: Audacious Website | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Politically funny images of the World

      By +DoctorD · Posted

    • Can't access the forum on mobile

      By Steven P. · Posted

      I really wonder if this has to do with the built in VPN or "private DNS" of browsers that trip up legal requirements like cookie consent and Cloudflare (to avoid all the botnet attacks we get). And BTW some botnets still manage to get past Cloudflare, we are constantly having to tweak it to block malicious traffic that ultimately cause a DDoS.

  • Recent Achievements

    • Week One Done
      rolfus earned a badge
      Week One Done
    • One Month Later
      Leroy Jethro Gibbs earned a badge
      One Month Later
    • Conversation Starter
      flexorcist earned a badge
      Conversation Starter
    • One Month Later
      AndreaB earned a badge
      One Month Later
    • One Month Later
      agatameier earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      505
    2. 2
      +Edouard
      197
    3. 3
      PsYcHoKiLLa
      142
    4. 4
      ATLien_0
      89
    5. 5
      Steven P.
      80
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!