Another trojan using WMF exploit in SPAM



F-Secure is reporting on another SPAM attack that tries to get people to click on a link to a site with an exploit-crafted WMF file. The message is along the lines of a claimed Professor at Yale announcing the unfortunate vandalism over the New Year holiday, the link purports to be pictures of the act in the “hope that someone may recognize the culprits work”. I’m sure this won’t be the last of that sort….


Administrators: you might want to block these at your gateways:
http access to playtimepiano[dot]home[dot]comcast[dot]net (do not visit this site)
tftp (ie. UDP) access to 86.135.149.130
IRC access to 140.198.35.85:8080
IRC access to 24.116.12.59:8080
IRC access to 140.198.165.185:8080
IRC access to 129.93.51.80:8080
IRC access to 70.136.88.76:8080

   Send article as PDF   

Similar Posts