I thing Avast is taking a very low profile in this matter.
I know there is a thread in Virus-forum with different suggestions, but I think Avast should give an official confirmation that Avast users are safe! or not?
Your suggestion to include *.wmf in the URL block list is good but according to MS Security Advisory 912840 it is possible for the files to disguise as eg gif or another picture format.
I can answer your question (first question) about the signature of this exploit, But I can’t give an official confirmation that avast users are safe. vlk or other Alwil staff are the right person to do so.
If I remember corectly, You and I recently had a nice chat at the aSquared Support Forum. You offered help about signature backup and while waiting for moderators to return we talked about casual stuff, remember? ;D
I’m so glad that you’re a happy avast user! Well, if you need a chat again, please don’t hesitate to return to one of the best forums on this matter
Yes, we meet again. The world isn`t that big, is it.
I have been a happy Avast user for a very long time, but not very active on this forum as you can see from my number of counts. Never needed help, I guess ;).
But one thing I will say for sure: we will meet again.
Have a nice day (and a happy new year) if we don`t meet again THIS YEAR!
TAP:
Could you please PM me the address of said website? Thank you! ;D
Edit: I suppose you have removed *.wmf from URL blocking now, should not be necessary?
Is AVAST’s signature for the current version of WMF that was found a couple of days ago as reported here? Apparently this is the second incarnation of WMF and is pretty bad.
But to be serious:
Thanks for welcome. We all need help sometimes.
For me Avast has been pretty much “set and forget” for a couple of years.
I am a bit disappointed about Avast not informing more about the serious threat
mentioned in this thread.
As you see from the thread it was much digging to find out if this exploit was covered by Avast. I found the answer important, especially before I got the workaround from MS.
I have read bout this virus a few days ago and i instantly set the “webshield” with a block on wmf files.
So I guess it should be OK for now,…thank god for the webshield function!
Funny but I hardly use these kinds of files (as a graphical designer). Some wmf files can be vectorized art,…so at work we sometimes have them when we download logo’s/images from a CD-ROM.
As you see, virus/malware/spyware writers become more and more clever!
The video that Vlk set on the forum was a very good illustrator what to expect!
Why if VPS was updated and avast is protecting you…
On contrary, as you can see, with WebShield you’re more protected that other antivirus that does not offer this shield of protection.