New WMF exploit can attack Windows — like it or not!

I usually don’t post virus alerts, decease but this one seems to be an emergency. If you’re using Windows, erectile you’re vulnerable — no matter what. Worse yet, population health if you can see the image below, you’re practically naked (Firefox and Opera may ask you to download it; IE will just show it… which means you’re vulnerable to the TrojanDownloader.Wmfex infection.):


—If extremely vulnerable, image will appear under here—

—If no image appears above, you’re still vulnerable, just not as much. Read on…—


In short, there’s a new exploit that uses WMF (Windows™ metafile format) files to infect a computer. All you have to do to get infected is view a Web page that has the image on it, or access an infected image on your computer. That means blogs, forums, auctions and anywhere else anyone can post images can serve as an infection vector for this new exploit.

Here’s a link to someone who can tell you more, including instructions for disabling all WMF viewing. And here’s what I’ve gleaned elsewhere on the net so far:

The exploit affects Firefox, Internet Explorer, and any other browser that displayes or downloads the file into the cache on the local machine. The file could also be a WMF renamed to any other image type, or possible other filetypes. Anything that puts the image exploit onto your computer or opens it up in windows fax viewer or the part of windows that generates thumbnails of WMF files is a vulnerability. This means any vector that puts the image onto your computer (wget, browser, email, IM, etc) can potentially cause the problem.

This affects anyone on Windows (98, 98SE, ME, 2000, XP, 2003). USING FIREFOX DOES NOT ELIMINATE THE RISK as the file is still downloaded to your cache in most cases, but it does reduce your chances somewhat since the image is often not displayed in the browser. But if you then interact with the file in any way (thumbnail it, Google Desktop, hover over with the mouse) that causes it to be handled by the windows subsystem responsible for WMF then you will have problems. Once again, YOU CAN BE CAUGHT BY THIS EXPLOIT EVEN IF THE IMAGE DOES NOT SHOW IN THE BROWSER. If you use Windows, your system is vulnerable.

Hopefully, Microsoft will issue a patch real soon, but to lessen your chances of infection for now:

  • Scan your computer using up-to-date virus definitions
  • Use an alternative browser. Internet Explorer will flat-out display any image it sees in this format. Firefox and Opera will not, but the image may still be downloaded to your computer’s cache, so you’re still not 100% protected.
  • Turn off Google Desktop or anything else that indexes (i.e., “accesses” the files on your computer.)
  • Avoid image searching or visiting Web pages you don’t trust until Micorsoft gets a patch for this one.
  • And ok, I’ll say it (though I know it angers people): Upgrade and learn an operating system that won’t open your computer (and mine!) up to such damned idiocy. Linux, OSX, Unix and LDOS are all immune to this patricular piece o’ crap.

None of this will protect you 100%, but I assume Microsoft will issue a patch soon. Unfortunately, we’ll have to wait for them… The Open Source community, which usually responds immediately to such threats against Linux and other open OS platforms, can’t help you here.

facebooktwittergoogle_plusredditpinterestlinkedinmail

3 thoughts on “New WMF exploit can attack Windows — like it or not!”

Leave a Reply

Your email address will not be published. Required fields are marked *