[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-disclosure] Static Blocking for the WMF Exploit - over 50known variants
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: RE: [Full-disclosure] Static Blocking for the WMF Exploit - over 50known variants
- From: "Discussion Lists" <discussions@xxxxxxxxxxxxxx>
- Date: Thu, 29 Dec 2005 08:50:10 -0800
Sorry if this was asked before, but how do I know if my machine has been
compromised? I am working on a way to contain any damage caused by this
exploit, and it would be helpful to know for sure that what I am doing is
working or not working.
Thanks!
-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Todd Towles
Sent: Thursday, December 29, 2005 7:16 AM
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Static Blocking for the WMF Exploit - over
50known variants
Sunbelt has released several sites that are being used to spread bad
WMF files
http://sunbeltblog.blogspot.com/2005/12/more-than-50-wmf-variants-in-wild.html
<http://sunbeltblog.blogspot.com/2005/12/more-than-50-wmf-variants-in-wild.html ;>
I have added this sites into my static blocking, but this isn't a great
method..but it can only help at this point. Wanted to share this information.
-Todd
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/