Hackers Exploiting Zero Day Windows Flaw

The Zero Day exploit of the Windows Metafile bug has racked up six

variants as of Thursday afternoon and has left security analysts

wondering what’s coming next — and how bad it will be.

”This is a significant situation,” says Steve Sundermeier, a vice

president with Central Command, a Medina, Ohio-based anti-virus and

anti-spam company. ”Anytime you have no patch available, it’s a

dangerous situation… We’d rate this as critical.”

The exploit hit the Wild Wednesday morning, infecting fully patched

machines. Three variants quickly followed the initial release with the

other three coming within 24 hours. The vulnerability lies in the way

Windows handles corrupted Windows Metafile (.WMF) graphic files.

It’s being called a Zero Day attack because the exploit code was released

the same day the vulnerability was identified. Sundermeier points out

that the security community hadn’t even known about the bug until the

exploit hit the Wild.

Malicious code on a number of Web sites exploited the vulnerability on

users’ machines. At this point, according to Sundermeier, mass-mailing

emails have not been sent out directing people to the malicious sites.

Users who have been hit have unfortunately stumbled upon the sites.

Dean Turner, senior manager of Symantec’s Security Response, says, as of

this publication, there are 27 malicious Web sites taking advantage of

this bug. ”I would think that we probably will see a lot more since

Microsoft hasn’t provided a patch yet,” says Turner. ”But people are

trying to take advantage of this. They’re not going to let it go. The

numbers and how quickly it will take place is going to be very hard to

predict.”

Turner explains that these Web sites download a malicious WMF file onto

the user’s computer. That file exploits the vulnerability, and then opens

a backdoor and downloads a keylogger. If the user is logged in to her

machine as an administrator, then the attacker could have complete

control of the machine.

Vulnerable operating systems include several Windows Server 2003

editions: Datacenter Edition, Enterprise Edition, Standard Edition and

Web Edition. Windows XP Home Edition also is at risk, along with Windows

XP Professional.

Microsoft has released an advisory, suggesting IT administrators and

users set the email client to read only text, and disable Windows picture

and fax viewer. No patch has been released.

Central Command also is recommending that the malicious sites are blocked

at the gateway. The list of malicious Web sites includes unionseek.com,
iframeurl.biz and tfcco.com.

”The whole trick is for the spammers and virus writers to get something

out into the Wild and doing damage before the security companies can

issue protection,” says Ted Anglace, a senior security analyst at

Sophos, an anti-virus and anti-spam company with U.S. headquarters in

Lynnfield, Mass. ”The Holy Grail for the security companies is to have

technology that blocks these exploits from the very minute they’re

launched.”

But until that happens, IT managers and users are left to quickly throw

up defenses at the drop of hat.

And that’s what makes this a scary situation, according to Sundermeier.

”You’re dealing with the unknown,” he adds. ”One day we’re feeling

good because everything is patched. Everything is ready and as it should

be. And then the next day we have a big problem we didn’t even see

coming. I’m sure there are at least a dozen other Zero Day exploits

waiting to surface.

”I don’t think this is an isolated incident,” says Sundermeier. ”After

Microsoft patches this one, Windows users shouldn’t be fully confidant.”

RELATED NEWS AND ANALYSIS

• Ethics and Artificial Intelligence: Driving Greater Equality

  FEATURE |  By James Maguire,
  December 16, 2020

• AI vs. Machine Learning vs. Deep Learning

  FEATURE |  By Cynthia Harvey,
  December 11, 2020

• Huawei’s AI Update: Things Are Moving Faster Than We Think

  FEATURE |  By Rob Enderle,
  December 04, 2020

• Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 18, 2020

• Key Trends in Chatbots and RPA

  FEATURE |  By Guest Author,
  November 10, 2020

• Top 10 AIOps Companies

  FEATURE |  By Samuel Greengard,
  November 05, 2020

• What is Text Analysis?

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  November 02, 2020

• How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 29, 2020

• Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  October 23, 2020

• The Super Moderator, or How IBM Project Debater Could Save Social Media

  FEATURE |  By Rob Enderle,
  October 16, 2020

• Top 10 Chatbot Platforms

  FEATURE |  By Cynthia Harvey,
  October 07, 2020

• Finding a Career Path in AI

  ARTIFICIAL INTELLIGENCE |  By Guest Author,
  October 05, 2020

• CIOs Discuss the Promise of AI and Data Science

  FEATURE |  By Guest Author,
  September 25, 2020

• Microsoft Is Building An AI Product That Could Predict The Future

  FEATURE |  By Rob Enderle,
  September 25, 2020

• Top 10 Machine Learning Companies 2021

  FEATURE |  By Cynthia Harvey,
  September 22, 2020

• NVIDIA and ARM: Massively Changing The AI Landscape

  ARTIFICIAL INTELLIGENCE |  By Rob Enderle,
  September 18, 2020

• Continuous Intelligence: Expert Discussion [Video and Podcast]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 14, 2020

• Artificial Intelligence: Governance and Ethics [Video]

  ARTIFICIAL INTELLIGENCE |  By James Maguire,
  September 13, 2020

• IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI

  FEATURE |  By Rob Enderle,
  September 11, 2020

• Artificial Intelligence: Perception vs. Reality

  FEATURE |  By James Maguire,
  September 09, 2020