Windows zero day nightmare exploited

By byte
in Back Page News

 Share

Recommended Posts

Experienced

byte

Posted
Posted

F-SECURE, Bugtraq and a number of other security aware outfits have warned of a zero day vulnerability that's being actively exploited as we write.

Fully patched Windows XP SP2 machines are vulnerable and there's no known fix as yet.

A number of trojans are being distributed using the vulnerability, related to Windows' image rendering.

F-Secure says you can get blatted if you visit a site with an image file containing the exploit. IE users may automatically be infected. Firefox users can get infected if the image file is downloaded. There's more solid advice at F-Secure. We await a patch from Microsoft.

Full article and source

Link to comment
https://www.neowin.net/forum/topic/413457-windows-zero-day-nightmare-exploited/
Share on other sites
Mentor

RootWind

Posted
Posted

NOD32 detected a trojan yesterday in my system32/c2c.dll, it's called Win32/Delf.AHV. Any relation to this?

Doubt it, if this was really zero day, then NOD32 would give the generic heuristic detection (NewHeur* something like that), and not a name (unless the news source is a bit late, which it might be).

Grand Master

mAcOdIn Veteran

Posted
  • Veteran
Posted

sounds pretty creepy. but using irfanview and firefox is it that serious?

Well using firefox it sounds like you'd have to accept to download the file and then view it in IE or explorer, so I'd say the chances of getting infected via firefox is slim for most of us as we wouldn't accept a download at random.

Mentor

RootWind

Posted
Posted (edited)

Just in time for work tomorow, if this realy is true then is the attack ment to happen today or in the next 24 hours?

Well it's been spreading in the last 24 hours apparently. It's not really an "attack" where someone is actively attacking something, but you still need to make the user do something (go to a website).

Edit: Well that's interesting. I guess McAfee VS Enterprise is pretty useful since it is able to block it with its Buffer Overflow protection. Does anyone know if the buffer overflow protection from AMD and Intel do anything?

Edited by DefensiveCore
Proficient

yodat

Posted
Posted

Doubt it, if this was really zero day, then NOD32 would give the generic heuristic detection (NewHeur* something like that), and not a name (unless the news source is a bit late, which it might be).

Yes, NOD32 detects the malwares which uses this exploit from update 1.1342.

http://www.wilderssecurity.com/showthread.php?t=113132

Grand Master

+Elі Subscriber²

Posted
  • Subscriber²
Posted (edited)

Yes this is out in the open as we speak, I have seen three computers already infected by This in the last two days, The previous link will just take you to a page where you can view information on the exploit, It's REALLY nasty and spreading quickly, ANY XP machine fully patched can get instantly infected if you just view a website containing the exploint while using Internet Explorer.

I have also explained how to remove one of the variants of this exploit Here

Edited by Ely
Mentor

madnuke

Posted
Posted

Ok, now on action stations I've seen that this before only today at work, when we going to be able to get a patch from Microsoft or some updated virus protection files. If this exploit is published it could be another few varients of it.

Mentor

RootWind

Posted
Posted

Ok, now on action stations I've seen that this before only today at work, when we going to be able to get a patch from Microsoft or some updated virus protection files. If this exploit is published it could be another few varients of it.

Looks like almost every AV has an update for it already.

Mentor

BigCheese

Posted
Posted

OOOHHHHH!

"Over the last 24 hours, we've seen three different WMF files carrying the zero-day WMF exploit. We currently detect them as W32/PFV-Exploit.A, .B and .C."

Yesterday, I went to some dodgy website (using Maxthon), and it kept asking to download some random wmf file. Luckily I didn't.

Grand Master

+Elі Subscriber²

Posted
  • Subscriber²
Posted

It's funny how yesterday you would make a search on this board for SpySheriff and you would get no results, Just make a search for it now and you'll see how fast it's going........ This is a nasty nasty infection.

Mentor

madnuke

Posted
Posted

This is looking partically nasty and time consuming to us PC techs, I think its going to be best to format untill there is some easy removal tool or Microsoft patchs it as most normal savy pc users wont know about this, half of them wont even know what a a .wmf is.

Grand Master

+Elі Subscriber²

Posted
  • Subscriber²
Posted

Here is a video on how this thing behaves one you are infected, telling by the info so far it looks like there's lots of different variants of it, it always works using different antyspyware hoax programs:

Video Here

and Here it is a link to the full article with the video.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Linux 7.1 arrives with an NTFS overhaul and major hardware performance boosts

      By Max Norris · Posted

      Nice, hope they *finally* fixed the issue with the NTFS driver where the system would completely brick during large file copies using the built in driver. It's been broken for years requiring me to use the older, slower, NTFS-3G FUSE driver.
    • Windows 11 KB5094126 BSODing, freezing, forcing BitLocker lockout, breaks OneDrive, and more

      By hellowalkman · Posted

      Windows 11 KB5094126 BSODing, freezing, forcing BitLocker lockout, breaks OneDrive, and more by Sayan Sen Microsoft released Windows 11 KB5094126 and KB5093998 last week as the latest Patch Tuesday updates. Following that the company also published the accompanying dynamic updates under KB5094149, KB5095971, and KB5094156. While Microsoft has so far not acknowledged any major problems with the release, some users online are running into problems. These range from OneDrive and Dropbox access issues, BitLocker recovery lockouts, to blue screens and BSODs. The most common one seems to be happening with HP systems wherein affected users say they hit 0xc0430001 BSOD (blue screen of death) error code after the KB5094126 update. We wonder if this could be related to the recent bug we covered on HP devices wherein the ongoing Secure Boot certificate updates are leading to similar issues. While we are not certain, users affected by this issue likely need to ensure that the boot.stl file is included on the installation media (such as a USB installer or ISO), if the above-mentioned dynamic updates are deployed. If this file is missing, computers may fail to boot from the installation media and could display the error 0xc0430001. This STL file is used by Secure Boot to verify that the boot files are trusted, so it must match the same Windows version and system architecture. To ensure the file is included, Microsoft recommends using the Update WinPE script, which automatically updates the image and handles the required files. Alternatively, you can manually copy the boot.stl file from the Windows\Boot\EFI folder on a Windows device and place it in the matching folder on your installation media before deploying the updated image. Aside from blue screening some users also note their systems have been freezing following the update. This could be happening to Lenovo PCs specifically. In the case of the OneDrive and Dropbox access issues, a user figured out that there could be a conflict with UAC. He explained: "Okay, so I did some digging, and in our environment KB5094126 breaks OneDrive and Dropbox in Explorer. I went through all our GPOs and found out that the combination of disabling UAC and having my user being a local admin breaks OneDrive in Explorer. ... If I enable UAC again, then it works, even with KB5094126 still installed." Hopefully, Microsoft will look into these issues. Source: Microsoft forum (link1, link2, link3, link4), Reddit (link1, link2, link3, link4)
    • Here is how I fixed Windows 11 not booting after clean installation

      By rseiler · Posted

      It is when it's a desktop in my house though for a PC that's lightly used and not really important when it is. If it was a laptop, it would be a different story. The real solution is varied and begins starting at post #22 in that thread.
    • Microsoft hides these secret Windows 11 performance boost settings available on every PC

      By hellowalkman · Posted

      well that's the plan
    • Win11Debloat 2026.06.14

      By Copernic · Posted

      Win11Debloat 2026.06.14 by Razvan Serea Win11Debloat is a lightweight, easy to use PowerShell script that allows you to quickly declutter and customize your Windows experience. It can remove pre-installed bloatware apps, disable telemetry, remove intrusive interface elements and much more. The script also includes many features that system administrators and power users will enjoy. Such as a powerful command-line interface, support for Windows Audit mode and the option to make changes to other Windows users. All changes made by Win11Debloat can be easily reversed, and most removed apps can be restored via the Microsoft Store. A full guide on how to undo the changes is available here. Win11Debloat features: Below is an overview of the key features and functionality offered by Win11Debloat. Please refer to the wiki for more information about the default settings preset. Remove a wide variety of preinstalled apps. Click here for more info. Disable telemetry, diagnostic data, activity history, app-launch tracking & targeted ads. Disable tips, tricks, suggestions & ads across Windows. Disable Windows location services & app location access. Disable Find My Device location tracking. Disable 'Windows Spotlight' and tips & tricks on the lock screen. Disable 'Windows Spotlight' desktop background option. Disable ads, suggestions and the MSN news feed in Microsoft Edge. Hide Microsoft 365 ads on the Settings 'Home' page, or hide the 'Home' page entirely. Disable & remove Microsoft Copilot. Disable Windows Recall. Disable Click to Do, AI text & image analysis tool. Prevent AI service (WSAIFabricSvc) from starting automatically. Disable AI Features in Edge. Disable AI Features in Paint. Disable AI Features in Notepad. Disable the Drag Tray for sharing & moving files. Restore the old Windows 10 style context menu. Turn off Enhance Pointer Precision, also known as mouse acceleration. Disable the Sticky Keys keyboard shortcut. Disable Storage Sense automatic disk cleanup. Disable fast start-up to ensure a full shutdown. ...and more. Once you’ve downloaded the Win11Debloat file (Get.ps1), just follow these quick steps: Locate the Get.ps1 script file. Right-click the file and select Run with PowerShell from the context menu. If prompted by User Account Control (UAC), select Yes to grant the script the necessary administrative permissions. Win11Debloat 2026.06.14 changes: This is a minor release that hopefully addresses the false positives in Windows Defender and Bitdefender that prevented users from downloading and/or running Win11Debloat. Refactor Get-RegFileOperations.ps1 to address false positives by @Raphire in #626 Add logging around WinGet app retrieval and increase timeout to 20s by @Raphire Download: Win11Debloat 2026.06.14 | Open Source View: Win11Debloat Home Page | Screenshots 1| 2 Get alerted to all of our Software updates on Twitter at @NeowinSoftware

  • Recent Achievements

    • Week One Done
      Jeroen Wilms earned a badge
      Week One Done
    • Week One Done
      rolfus earned a badge
      Week One Done
    • One Month Later
      Leroy Jethro Gibbs earned a badge
      One Month Later
    • Conversation Starter
      flexorcist earned a badge
      Conversation Starter
    • One Month Later
      AndreaB earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      508
    2. 2
      +Edouard
      198
    3. 3
      PsYcHoKiLLa
      138
    4. 4
      ATLien_0
      90
    5. 5
      Steven P.
      81
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!