A range of Trojan programs which exploit the Windows Meta File vulnerability has been detected recently. This vulnerability is rated highly critical, and so far, no patch has been issued.
The Trojans are classified as Trojan-Downloader.Win32.Agent.acd, as all the samples detected (by Kaspersky Lab in this case) come from the same family. New modifications of these programs may well appear in the near future.
The WMF vulnerability is present in computers running Microsoft Windows XP with SP1 and SP2, and Microsoft Windows Server 2003 with Service Pack 0 and Service Pack 1. The vulnerability can be exploited when viewing infected sites with Internet Explorer, Firefox (if certain other conditions are met), or when previewing *.wmf format files with Windows Explorer.
Computers will be infected by programs from the Agent.acd family if the user visits unionseek.com or iframeurl.biz. The malicious programs are downloaded to the victim machine and launched via the WMF vulnerability. Agent.acd will then download other Trojan programs to the victim machine.
To prevent infection is strongly recommended that users should not open files with a *.wmf extension. Users should also configure their Internet Explorer security settings to “High”.
28 Dec 2005