Arafat worm exploits new MS vuln
PrintNovel infection technique
Posted in Malware, 17th November 2004 09:15 GMT
Free whitepaper – Out-of-box comparison between Dell, HP, and IBM blade servers
A worm which exploits curiosity about the death of Yasser Arafat is the first to exploit the known Extended MetaFiles vulnerability.
Aler is a network worm that was widely bulk-mailed with the subject "Latest News about Arafat!!!". These infected emails had two attachments, one a clean JPEG file and the other an infected EMF file, according to anti-virus firm F-Secure.
The EMF file exploits a well-known Windows vulnerability (MS04-032) to install the worm onto systems when the attachment is opened.
Thereafter, Aler spreads across network shares and hosts with weak user passwords. The worm's payload is a connection proxy that allows the attacker to initiate network connections through an infected computer. This feature could be used to send spam or attack other computers.
F-Secure rates Aler - which only infects Windows PCs - as a medium category nuisance. Standard precautions apply - vigilance about unsolicited messages, updating AV protection, use of stronger passwords, tin-foil hats etc. ®
Related stories
Grieving Arafat widow seeks business partner
IE exploits top web security threat list
Bofra worm sets trap for unwary
Managing desktop software for fun and profit
Analyst Keynote: The Register Agile Data Center Summit
Enabling The Agile Data Center
Breaching Fort Apache.org - What went wrong?
Snow Leopard security - The good, the bad and the missing
US Dems fill inboxes with 419 scams
BlockMaster SafeStick hardware-encrypted USB drive