Here's a look at the exploit in more detail.
-
As we have reported, there are still thousands of websites hosting WMF exploit code. Since we have been analyzing several of these, we thought we would share some steps in researching the behavior of the exploit code.
This video shows the debugging of malicious WMF files. It shows how you can easily locate and debug the embedded shell code of WMF files, to find out what it was supposed to do.
If you want to try it yourself, do it inside a Virtual Machine and on an unpatched Windows.
»
www.websensesecuritylabs ··· om/blog/-
There are more versions of the exploit floating around, as well as the previous ones, which will still impact millions of people around the world. Also, I wonder how different browsers stacked up against the recent WMF threat in percentages, and whether that data is available? Here's one example with FF.
-
WMF Infected Site Examples
We have also included a screenshot of the behavior of a Unix machine (running Knoppix) and Firefox.
»
www.websensesecuritylabs ··· rtID=391
Spanner