We are on a head’s up after reading a report about an IM worm using the WMF exploit.
We are on the lookout for a sample of the said worm, we’ll keep you informed when we have it. And just a word of advise on IM users, please do not click on unsolicited or unexpected URL’s in instant messages even if the message came from someone you know. Oh! Before i forget, Happy New Year everyone!!! =)
Update(Jovs, 01 January 2006 09:31:50)
Just started my shift and still have a hang over from New Year!
As for the IM WORM I found a link in a website mentioning this:
Hey your photo http <BLOCKED> free fr xmas 2006 funny jpg D D D D hey your photo http <BLOCKED> free fr xmas 2006 funny jpg D D D D
I followed the breadcrumbs and came up with the domain name http <BLOCKED>.free.fr.
Unlucky for us the file has already been taken out and all i got was a message that said ERROR 404: Not Found on the screen..=P
All that excitement for nothing, feeling down I checked the domain that hosted the said malware and this was staring at me
The site has been hacked by a hacking team, which may also be responsible for creating the said IM WORM.
But this are all just speculations…. In the mean time, I advice all to be more careful with the IM messages popping in, specially now with just the start of New Year…with the e-cards and all those greeting stuffs that everyone’s been fussing about.