Skip to content

Biting the hand that feeds IT

The Register ®

Security:


Related Whitepapers

[Print][Mobile][Alerts]

Arafat worm exploits new MS vuln

Novel infection technique

Published Wednesday 17th November 2004 09:15 GMT

A worm which exploits curiosity about the death of Yasser Arafat is the first to exploit the known Extended MetaFiles vulnerability.

Aler is a network worm that was widely bulk-mailed with the subject "Latest News about Arafat!!!". These infected emails had two attachments, one a clean JPEG file and the other an infected EMF file, according to anti-virus firm F-Secure.

The EMF file exploits a well-known Windows vulnerability (MS04-032) to install the worm onto systems when the attachment is opened.

Thereafter, Aler spreads across network shares and hosts with weak user passwords. The worm's payload is a connection proxy that allows the attacker to initiate network connections through an infected computer. This feature could be used to send spam or attack other computers.

F-Secure rates Aler - which only infects Windows PCs - as a medium category nuisance. Standard precautions apply - vigilance about unsolicited messages, updating AV protection, use of stronger passwords, tin-foil hats etc. ®

Related stories

Grieving Arafat widow seeks business partner
IE exploits top web security threat list
Bofra worm sets trap for unwary

Track this type of story as a custom Atom/RSS feed or by email.
Previous Article Next Article
whitepaper title

The Perfect (Virtual) Marriage

Get consistent virtual machine storage savings of 50% (often as high as 90%) with virtually no performance impact with NetApp deduplication..
whitepaper title

Gartner Paper: US Data Centers

U.S. enterprise data centers face considerable space and energy constraints over the next few years. Download this free independent report to read more..
Whitepapers

Top 20 storiesAll The Week’s HeadlinesArchiveSearch