|
Exploit.WMF.Exfol Trojan Information
| Name: |
Exploit.WMF.Exfol |
| Category: |
Trojan |
| Alias: |
- Alias: Plasming, Trojan.Plasming |
| Advice: |
Remove |
| Risk: |
Severe Risk
Severe threats typically are remotely exploitable vulnerabilities, which can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild. There exists a high possibility of potential system damage or security flaw. Attacker has complete control over your computer or install new software on your machine. |
| Description:
|
Exploit.WMF.Exfol is a Windows Meta File, a graphics file format, that has been altered to contain malicious code in order to infect the victim's computer though an exploit.
The exploit takes place through a vulnerability in all unpatched versions of Windows XP, Windows 2000, and Windows 2003. Older versions of Windows may be affected under certain circumstances. The infected WMF.Exfol files are being distributed through rotational ads from a third party ad network that is spawning popups from adware vendor Exfol. An unprotected user will be infected by visiting a web page or clicking on an email attachment with the infected files.
Once on the victim's computer, the infected WMF file spawns other malware files that contact the internet and download spyware, adware, and potentially unwanted anti-spyware programs that falsely report malware found on the computer and demand payment to remove it. Other malware including backdoors, password stealers, keyloggers and spam bots may be installed during the exploit. The victim's computer may become under the control of a remote attacker.
Microsoft issued a critical update for this vulnerability on January 5, 2006. The patch is for all versions of Windows XP, Windows 2000 and Windows 2003. The patch will not remove infected files from a victim's computer.
|
| Type: |
Trojan - A Trojan software is any software on a user's computer that the user is not aware or intentionally installed. Most Trojan software is designed to perform some sort of actions that could jeopardize the user's security or privacy. |
Top Trojan Visited Pages:
Tro.Downloader.loadadv - 411 visits
Enable Regedit - 195 visits
Java.ClassLoader.Dummy.d - 187 visits
Trojan.BankerSpy - 179 visits
RBot.steam - 86 visits
Startup.NameShifter.Xgtray - 77 visits
Tro.Bagle.SP - 59 visits
LRPatch Trojan - 58 visits
Trojan.BHO.NameShifter.EZ - 55 visits
Tro.YourStartingPage - 54 visits
Random Trojan Pages:
QScare.Cascade trojan
XMLid.Exploit - Alias: Exploit-CodeBase, Exploit.CodeBaseExec
Mssys Trojan - Alias: TROJ_VANTA.A, Backdoor.Avstral
Win95.Spaces.1445
Trojan.Startup.NameShifter.JP
Trojan.BHO.NameShifter.EA
Dolomite.A.Batch - Alias: Bat/zq, BAT_ETIMOLOD.A
Trojan.Startup.NameShifter.HT
Startup.NameShifter.NB
Plasming Trojan - Alias: Plasming, Trojan.Plasming
|
