New serious Windows exploit, please watch out.
tokyo bleu 01-01-2006, 06:10 AM This exploit is basically the Zero-Day Windows Bug explained in this (http://lissaexplains.com/forum/showthread.php?t=49390) thread in News & Politics.
WMF (Windows Metafile Format) is being exploited in this new threat. This means you can get infected just by viewing a Web page that has this particular image or by accessing an infected image on your computer.
Firefox and Opera apparently do not display this image because its format is outdated. Alternative browsers will reduce your chances of infection by a lot.
Affects all versions of Windows from 95 to 2003.
Google Desktop should be turned off as it also caches the exploit.
This exploit will make you vulnerable to viruses, trojans, installers, etc. when activated.
The image has popped up on big communities such as eBay (XBOX auctions noted), MySpace, Wikipedia via image searching.
If your AV catches something like xpl.wmf or warns you of its association with trojans, yeah, that means you've been exposed to it.
I was looking at a random forum's thread in which a user exploited via posting a lot in the thread with his signature on (which was an invisible 1x1 image that contained the exploit). However, I use Firefox, but I'm still unsure, so looks like I'll be doing some serious scanning tonight.
Credit to the SA community for explaining the exploit.
allie 01-01-2006, 03:09 PM How do you protect yourself against it?
benjibo 01-01-2006, 04:03 PM # Affects all versions of Windows from 95 to 2003.
^
does that include XP??? or did XP come out after 2003
kittycat 01-01-2006, 04:24 PM I'm pretty sure XP came out before 2003, so it would be included.
benjibo 01-01-2006, 04:29 PM *runs off to start scanning*
Dutch.American 01-01-2006, 05:17 PM Yea, my brother got it last night. His computer is completely locked up.
Lissa 01-01-2006, 06:32 PM I bought this computer in 2004, so I think that means I'm safe, right? :scared: Talk about crappy, have they made any patches yet or are they working on it, if anyone knows?
*Jen* 01-01-2006, 06:36 PM I'm doing a scan just in case...
I've just scanned, there's nothing there, good. I've also switched to Mozilla.
Let's just stay at LEIA, we'll be safe here. =D
maztrin 01-01-2006, 07:15 PM woah this is scary!
maztrin 01-01-2006, 07:49 PM I found this link about it; it has some useful info: http://www.microsoft.com/technet/security/advisory/912840.mspx
tokyo bleu 01-01-2006, 09:20 PM Microsoft has not released an official patch yet. I know for sure that avast!, NOD32, Symantec, BitDefender and other major AVs have updated their definitions to include variations of this exploit.
How do you protect yourself against it? Well, make sure your AV is running in real-time mode and scan all files, not just the .exes or whatever. If you use IE, use an alternative browser or at least disable images.
bejayel 01-02-2006, 09:47 AM I don't think you can find the exploit with your AV. You can find the backdoors it opens though.
As for all of you religious Firefox users. Sorry, this exploit has the same effect no matter which browser you are using. As long as the image is accessed (even if your mouse even goes over it in the cache) you will catch the exploit.
You know this wouldn't happen if Microsoft would make its operating system more modularized. Having an image format built into an integral part of the operating system is retarded. Serves you right, Gates.
I don't think you can find the exploit with your AV. You can find the backdoors it opens though.
As for all of you religious Firefox users. Sorry, this exploit has the same effect no matter which browser you are using. As long as the image is accessed (even if your mouse even goes over it in the cache) you will catch the exploit.
You know this wouldn't happen if Microsoft would make its operating system more modularized. Having an image format built into an integral part of the operating system is retarded. Serves you right, Gates.
However, visit this page: http://www.mozilla.org/support/firefox/faq#mozvsie
It [Firefox] is not integrated with Windows, which helps prevent viruses and hackers from causing damage if they somehow manage to compromise Firefox.
But a virus is still a virus.
Silence4me2 01-02-2006, 05:19 PM Ok, this isn't good! :scared: Hopefully a patch comes out soon.
luvhartz 01-02-2006, 05:40 PM What are you guys scanning your computers with? I don't think I have anything =/ I just made FF my primary browser and I'll be on guard with websites!
thezeppzone 01-02-2006, 06:18 PM Just another exploit in my opinion... Gotta love Microsoft... I appreciate those who find these exploits and screw up people's computers, shows how much the real programmers still don't know, that are Microsoft employees...
iGeek 01-02-2006, 07:42 PM Since I don't have FF yet, I'm stuck with IE. I'll disable images though.
SUPER RP06 01-02-2006, 08:32 PM I'll scan my computer tonight.
Does anyone have any other browser (except FF and IE), like Opera, Netscape, etc?
leeleeleeywombu 01-02-2006, 08:51 PM If you catch it, how'd you get rid of it?
tokyo bleu 01-02-2006, 08:57 PM If you catch it, how'd you get rid of it?
Microsoft still has not released a patch yet!
Do a full-time scan and see if your AV at least catches some of the "drops" this exploit has allowed (possible trojans let in, etc.). Like shockertwin009 said, you can find the backdoors.
It's a virus, but you never know what it can do, so you might want to scan with Ad-Aware (http://www.lavasoftusa.com/) too. Using your anti-virus is the best to do though.
Merike 01-02-2006, 09:56 PM Here's an article about it: http://www.f-secure.com/weblog/archives/archive-012006.html#00000761
And you can get a fix from here: http://www.hexblog.com/security/files/wmffix_hexblog13.exe
Hope you feel safer now :)
Douglas 01-02-2006, 10:59 PM Well, I hope that works, I have to scan my computer anyway, been awhile ..
tokyo bleu 01-03-2006, 12:28 AM It's a virus, but you never know what it can do, so you might want to scan with Ad-Aware (http://www.lavasoftusa.com/) too. Using your anti-virus is the best to do though.
It's not a virus, it's a security hole.
It's not a virus, it's a security hole.
Anyway, it's crap, so run everything you can find ;)
psychochick 01-03-2006, 03:40 AM what do you mean by "Google desktop" ?
salomeyasobko 01-03-2006, 03:50 AM It's a new-ish nifty little feature google came up with: http://desktop.google.com
Ehh, that's really scary.. I hope I'm safe with Firefox!! :scared:
luvhartz 01-03-2006, 11:41 AM I don't feel safer at all because I'm using a different computer to mine because it won't turn on and the only thing I did was install that patch posted earlier :mad: How can I fix it? I can't even get on with safe mode.
Merike 01-03-2006, 12:14 PM I don't feel safer at all because I'm using a different computer to mine because it won't turn on and the only thing I did was install that patch posted earlier :mad: How can I fix it? I can't even get on with safe mode.
That's weird, my computer with XP Pro works just fine after restart.
luvhartz 01-03-2006, 12:42 PM That's weird, my computer with XP Pro works just fine after restart.
I'm on XP Pro as well but now it gets up to the black "Windows XP" screen and then it just goes back as if I've just turned it on =/ :(
Merike 01-03-2006, 12:57 PM I'm on XP Pro as well but now it gets up to the black "Windows XP" screen and then it just goes back as if I've just turned it on =/ :(
Shouldn't you be able to get to safe mode just before that screen? Also I had SP2 installed if that makes any difference.
luvhartz 01-03-2006, 01:15 PM Nope, I've tried VGA, Safe Mode, Safe Mode with Networking, it won't go past the Windows XP screen.
Merike 01-03-2006, 01:58 PM Nope, I've tried VGA, Safe Mode, Safe Mode with Networking, it won't go past the Windows XP screen.
That sounds awful. However I can't understand how this security fix could have caused it since my computer runs smoothly, ok not so smoothly but that's because I'm using many programs at the same time :).
luvhartz 01-03-2006, 05:16 PM It's stupid that when I finally get security for my computer it messes up! My brother had a quick look at it and he was like "well I don't know what you've done to it, just don't do the same to mum and dad's computer.." and then he went to work :rolleyes: Hopefully it will be fixed.. If not then I'll just have to have the computer wiped.. again. Ah well :( Anyone got any ideas that I can try?