• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

         

Arafat worm exploits new MS vuln
John Leyden, The Register 2004-11-17

A worm which exploits curiosity about the death of Yasser Arafat is the first to exploit the known Extended MetaFiles vulnerability.

Aler is a network worm that was widely bulk-mailed with the subject "Latest News about Arafat!!!". These infected emails had two attachments, one a clean JPEG file and the other an infected EMF file, according to anti-virus firm F-Secure.

The EMF file exploits a well-known Windows vulnerability (MS04-032) to install the worm onto systems when the attachment is opened.

Thereafter, Aler spreads across network shares and hosts with weak user passwords. The worm's payload is a connection proxy that allows the attacker to initiate network connections through an infected computer. This feature could be used to send spam or attack other computers.

F-Secure rates Aler - which only infects Windows PCs - as a medium category nuisance. Standard precautions apply - vigilance about unsolicited messages, updating AV protection, use of stronger passwords, tin-foil hats etc. ®

       

Expand all | Post comment