Re: wmf

It could be anyfilename.jpg. The compromised .wmf file has to be processed for the malware to deliver its payload, the method most often cited is by directing an unsuspecting user to visit a web site and have him/her click on something and have the web browser process the file. If, for example, someone were to send you a mascaraded jpeg, or if you were to download it from the net then try to open it, the file doesn't need to have the .wmf extension. Inside the file there is a file header that tells Windows what type of file it is and Windows would automatically pass it on to the application associated with it so that it could be processed. Graphic, or image viewers such as IrfanView or ACDSee often have the .wmf associated to them, so Windows could pass the file to these programs which would then open the file and the payload would be delivered. I should add that a few of the MVP's have deliberately tried to get infected (so that they can study the process and test patches) and most report that they are having a hard time getting the file to deliver the payload.

John

Sanford Aranoff wrote:

The new Windows virus is that a wmf file is disguised as a jpg file.
Does this mean that the file is actually virusXXX.jpg, or is it
virusXXX.jpg.wmf?



.

Relevant Pages

  • Re: Warning. New Windows vulnerabilty.
    ... > In short - wmf files can carry viruses. ... > Infection will occur if your email application allows a *preview* of a ... It is carried on Windows Metafile images and automatically ... > vulnerability seems to be in gdi32.dll. ...
    (rec.audio.pro)
  • Re: [Full-disclosure] Metasploit vs ANI
    ... Two new exploit modules are available for version 3.0 of the Metasploit ... feature in Windows and the 'svn update' command on Unix-like systems. ... The second module exploits the ANI flaw through Outlook and Outlook ... payload, launch the exploit, and wait for your payload to execute. ...
    (Full-Disclosure)
  • Re: CMYK Tiff to Sprite - how?
    ... > file swopper which did WMF to Draw, you could set up that file in the ... >>(Windows) how common is that format on windows machines? ... > WMF and EMF (Windows meta file, and Enhanced meta file) are very ... > quantities of clip art are available in WMF format. ...
    (comp.sys.acorn.apps)
  • When is M$ meta file fix(just issued) not a fix?
    ... ust days after Microsoft rushed out a patch for a bug in Windows ... Metafile (WMF) image processing, a security company has warned customers ... attack or execute arbitrary code," Symantec said in a vulnerability ...
    (comp.sys.mac.advocacy)
  • Patch to fix the latest Windows XP WMG meta file vulnerability.
    ... Windows WMF Vulnerability News & Updates ... Anti-Virus vendors quickly updated and began pushing out their A-V ... Ilfak has produced a WMF Vulnerability Checker? ...
    (misc.survivalism)