Re: A Very Dangerous Worm in Windows Metafile Images (WMF)

---

• From: Mike Monett <gqtacfwfjfmx@xxxxxxxxxxxxx>
• Date: Sun, 01 Jan 2006 16:40:38 -0800

---

Mike Monett wrote:
>
> To All,
>
> Last night, a very dangerous computer worm was released on the
> internet. It is carried on Windows Metafile images and automatically
> executes with no user interaction. With Microsoft Explorer or
> Outlook, you are automatically infected if you recieve infected
> email or view a site with the worm. The problem is Windows WMF files
> have the capability to execute external code. This is a virus
> writer's dream. He can do anything he wants.

[...]

Update: Opera is not vulnerable. You have to work hard to get infected.

Here is more information from Rijk van Geijtenbeek in the opera.general
newsgroup:

"Opera cannot display WMF files natively, so it is not vulnerable
in itself. With the default configuration Opera opens the download
dialog for such files. If you click 'Open' and the default handler
is the 'MS Picture and fax viewer', you can apparently be infected
by malicious WMF files. So treat WMF files with the same caution
as EXE and BAT etc files, I'd say. And don't change Opera's
settings to directly open such files..."

Go Opera! Beats the pants off MSIE and Firefox.

Mike Monett
.

---

• Follow-Ups:
  • Re: A Very Dangerous Worm in Windows Metafile Images (WMF)
    • From: Terry Pinnell
  • Re: A Very Dangerous Worm in Windows Metafile Images (WMF)
    • From: JeffM

• References:
  • A Very Dangerous Worm in Windows Metafile Images (WMF)
    • From: Mike Monett

• Prev by Date: A Very Dangerous Worm in Windows Metafile Images (WMF)
• Next by Date: Re: Flooding in N. California (was Re: Super OT: America - the good and the, um, room for improvement)
• Previous by thread: Re: A Very Dangerous Worm in Windows Metafile Images (WMF)
• Next by thread: Re: A Very Dangerous Worm in Windows Metafile Images (WMF)
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: A Very Dangerous Worm in Windows Metafile Images (WMF) ... Mike Monett wrote: ... a very dangerous computer worm was released on the ... The problem is Windows WMF files ... >Update: Opera is not vulnerable. ... (sci.electronics.design) Re: any script to find renamed wmf files? ... >> found a description of Microsoft Windows Metafile format. ... >>> of them are actually renamed .wmf files. ... Going back to the wmf vulnerability itself, we see number of sites mention that ... So while unregistering shimgvw.dll may make you less vulnerable, ... (comp.lang.perl.misc) Re: opening attachments ... Windows Picture and Fax Viewer, if they have Windows XP, will open *.wmf ... MS Paint will open *.wmf files. ... IrfanView can open *.wmf files. ... (microsoft.public.windowsxp.help_and_support) Re: When I recolor .wmf files in ppt , a border appears around them. W ... saved as .wmf files, a border is applied around the graphic after you hit ... This doesn't happen in Windows 2000 or earlier Windows. ... Many of them have a kind of background frame. ... Steve Rindsberg, PPT MVP ... (microsoft.public.powerpoint) Re: any script to find renamed wmf files? ... > found a description of Microsoft Windows Metafile format. ... >> hard drives to see if any of them are actually renamed .wmf files. ... >> (i ask this here, because perl is my preferred language, ... (comp.lang.perl.misc)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)