Several new Trojans attack via the extremely critical WMF vulnerability

Kaspersky Lab, a leading developer of secure content management solutions which protect against viruses, hackers and spam, has detected a range of Trojan programs which exploit the Windows Meta File vulnerability. This vulnerability is rated highly critical, and so far, no patch has been issued.

The Trojans are classified as Trojan-Downloader.Win32.Agent.acd, as all the samples detected by Kaspersky Lab come from the same family. New modifications of these programs may well appear in the near future.

The WMF vulnerability is present in computers running Microsoft Windows XP with SP1 and SP2, and Microsoft Windows Server 2003 with Service Pack 0 and Service Pack 1. The vulnerability can be exploited when viewing infected sites with Internet Explorer, Firefox (if certain other conditions are met), or when previewing *.wmf format files with Windows Explorer.

Computers will be infected by programs from the Agent.acd family if the user visits unionseek.com or iframeurl.biz. The malicious programs are downloaded to the victim machine and launched via the WMF vulnerability. Agent.acd will then download other Trojan programs to the victim machine.

To prevent infection, Kaspersky Lab strongly recommends that users should not open files with a *.wmf extension. Users should also configure their Internet Explorer security settings to “High”.

Antivirus databases updates containing detection for Trojan-Downloader.Win32.Agent.acd have already been released. Further information is available in the Kaspersky Virus Encyclopaedia.