This hopefully will be my last post on the whole WMF exploit stuff…. It’s prompted in part by a comment on one of the articles on Windows 98 and the vulnerability. I realized that I hadn’t really brought things to a full conclusion for the Windows 98 users. Of course, Microsoft has released an official […]
More sites that claim to be windows security center or the like are popping up… a list: securitycaution(dot)com dnserror404(dot)com todaywarnings(dot)com updatesystempage(dot)com yoursecuritysystem(dot)com From sunbeltblog. Send article as PDF
The security fix has some news today on some bogus security software makers (the wolves in sheeps clothing as I tend to think of them…) Anyway, they’re settling deceptive trade practice chargers that were brought by the FTC. SpywareAssassin and Spykiller were facing a civil suit over their ads which invariably found infestations on a […]
Well, antivirus vendors and IT security folks are waiting now for the expected activation of the sober.y worm searching for a new downloads and a new revision of the pest. kaspersky’s log indicates the expected activation time is 00:00 GMT January 6th, which means here in the EST zone that would be 7PM EST… Of […]
Brian Krebs at the SecurityFix today has questions about Microsoft OneCare. In fact, with Microsoft saying that OneCare is “more than just antivirus” you wonder whether that’s just marketing speak, or if that’s really the case…. he speculates about OneCare doing the registry patch that was a recommended workaround and a few other things related […]
I didn’t see this reported anywhere, but since yesterday when there was an update to the metasploit module for the WMF vulnerability I think there’s been yet another update. I read yesterday that it had been updated and could evade all known IDS signatures. I downloaded the update to continue my Win98 testing. Then today […]
There are a number of references out today to a December 31st article (on a study by av-test) about how well antivirus products were keeping up with the shifting signatures of the WMF exploits. There was a list of about 12 products that were at 100% detection. Unfortunately, the important point is that the original […]
Yesterday, when I was testing the WMF exploit against a Windows 98 virtual machine, I sent samples through virus total and the only antivirus product to detect each of them was “TheHacker” from hacksoft. This evening I was revisiting the exploit (with the new rule for metasploit) and saved 20 samples which I also tested […]
After my Windows 98 tests which failed to exploit the system with either the first or the second vulnerability, I started wondering how well the antivirus companies were doing in detecting this second exploit variation. I had setup and updated metasploit so I could test my Windows 98 SE install against the latest version of […]
The same person that has given the New Year’s gift of an unofficial patch for the WMF exploit circulating has also provided a WMF vulnerability checker, download and install, it will tell if you’re vulnerable. Post is available here. According to the first comment it seems as though the vulnerability checker is triggering Norton’s auto-protect. […]
Bookmark this site now by pressing Ctrl+D
