The new exploit for WMF is spreading like wildfire. We just got three (3) more links in addition to the ones that we already have.
- http: // <BLOCKED> .free. fr/ foto.wmf
- http: //<BLOCKED>.org / shady.wmf
- http: //www .<BLOCKED> .com /xpl.wmf
Good news is…Those files are already detected by our Generic Pattern as TROJ_NASCENE.GEN.