There has been a flood of information about the WMF vulnerability and associated exploits. We plan to record a special 10-15 minute podcast episode dedicated to WMF tonight. Right now, here are some facts to present to management and help further assess the situation:

  • According to ISC, there was a trojan being installed via WMF that hit a web page to increment a counter. Last count, 200,000.
  • The latest SANS polls indicate that organizations are in fact seeing attacks that use the WMF vulnerability
  • F-Secure has found evidence of attackers using the flaw to infect machines and tell them to send SPAM. The link in the SPAM message contains a WMF exploit that installs a bot, instructing the computer to partake in a botnet. More information here.
  • WebSense has released an alert which shows you what some of the WMF images look like on varius web sites. They state that there are two types of attacks, one where users are lured to an evil web site, and one where an attacker compromises an existing web site and slip in a WMF image with exploit code.


About the author

Paul Asadoorian is the Founder & CEO of Security Weekly, where the flagship show recently re-titled "Paul's Security Weekly" has been airing for over 8 years. By day he is the Product Evangelist for Tenable Network Security. Paul produces and hosts the various shows here at Security Weekly, all dedicated to providing the latest security news, interviews with the industries finest and technical how-to segments. Paul is also the founder and host of "The Stogie Geeks Show", featuring cigar reviews for cigar enthusiasts.