Windows Metafile zeroday exploit
There's more on the WMF 0-day exploit. According to F-Secure, it's being used to distribute the following nasties:
Trojan-Downloader.Win32.Agent.abs
Trojan-Dropper.Win32.Small.zp
Trojan.Win32.Small.ga
Trojan.Win32.Small.ev.
It's also installing the wolf in sheep's clothing: Avgold.
Sunbeltblog is reporting that the exploit is now on 50 sites. Here is a list to block:
They also speculate on potential vectors in spam sent to web-based mail accounts (Hotmail) and in trackback blog links. It sounds as though, after getting bitten by this one, reinstalling the operating system is the best way back to running normally.