Hackers have created a range of Trojan programs which exploit a dangerous new Windows Meta File vulnerability. The vulnerability is rated critical, and so far, no patch has been issued.

The WMF vulnerability exists in computers running Microsoft Windows XP with SP1 and SP2, and Microsoft Windows Server 2003 and stems from a flaw in a utility used to view picture and fax files. The security flaw might be exploited by inducing victims to view maliciously constructed sites, particularly where IE is used as a browser, or when previewing *.wmf format files with Windows Explorer.

Windows PCs infected by malware from the Trojan-Downloader Agent-ACD family are liable to download other malware programs onto a compromised machine as explained in an analysis by Russian anti-virus firm Kaspersky Lab here (http://www.viruslist.com/en/alerts?alertid=176701669).

Kaspersky advises users not to open untrusted files with a *.wmf extension. Users should also configure their Internet Explorer security settings to "high" as a precaution, it recommends. Anti-virus firms are updating signature definition files to detect the risk, and protection is now largely in place. ®

Related stories

NSA writes more potent malware than hacker (28 September 2007)
http://www.channelregister.co.uk/2007/09/28/nsa_hacker_malware_defense_project/
MS anti-Trojan shield fails to protect older Offices (6 June 2007)
http://www.channelregister.co.uk/2007/06/06/ms_anti-trojan_defence/
Malware authors subvert Windows Update (11 May 2007)
http://www.channelregister.co.uk/2007/05/11/vxers_subverts_windows_update/
MySpace adware attack hits hard (21 July 2006)
http://www.channelregister.co.uk/2006/07/21/myspace_adware_attack/
Virus writers at war (5 April 2006)
http://www.channelregister.co.uk/2006/04/05/vxers_at_war/
Hackers use BBC story to bait IE exploit (31 March 2006)
http://www.channelregister.co.uk/2006/03/31/ie_exploit_bbc_bait/
eEye issues workaround against unpatched IE flaw (28 March 2006)
http://www.channelregister.co.uk/2006/03/28/eeye_ie_workaround/
'Critical' IE bug threatens PC users (27 March 2006)
http://www.theregister.co.uk/2006/03/27/another_ie_security_flaw/
US man faces IRC Trojan charges (6 March 2006)
http://www.channelregister.co.uk/2006/03/06/irc_trojan_charges/
UK.gov repels zero day WMF attack (24 January 2006)
http://www.channelregister.co.uk/2006/01/24/uk_gov_wmf_attack/
Trojan blitz poses as credit card warning (23 January 2006)
http://www.channelregister.co.uk/2006/01/23/trojan_blitz/
More cracks appear in Windows (11 January 2006)
http://www.channelregister.co.uk/2006/01/11/ms_january_patch_tuesday/
Malware on tap scheme draws flak (10 January 2006)
http://www.channelregister.co.uk/2006/01/10/malware_distribution_project/
Microsoft backtracks on WMF patch (6 January 2006)
http://www.channelregister.co.uk/2006/01/06/microsoft_wmf_vulnerability_patch/
Windows beats Linux - Unix on vulnerabilities - CERT (5 January 2006)
http://www.channelregister.co.uk/2006/01/05/windows_linux_unix_security_vulnerabilities/
Windows users waiting for serious fix (3 January 2006)
http://www.channelregister.co.uk/2006/01/03/windows_meta_file_hack/
World+dog scrambles to fight Windows flaw (3 January 2006)
http://www.channelregister.co.uk/2006/01/03/wmf_workaround/
MS releases IE überpatch (14 December 2005)
http://www.channelregister.co.uk/2005/12/14/ie_uberpatch/
Trojan exploits unpatched IE flaw (1 December 2005)
http://www.channelregister.co.uk/2005/12/01/ie_exploit_trojan/
Exploit for unpatched IE vuln fuels hacker fears (19 August 2005)
http://www.theregister.co.uk/2005/08/19/0day_ie_exploit_fears/
Firefox exploit targets zero day vulns (9 May 2005)
http://www.channelregister.co.uk/2005/05/09/firefox_0day_exploit/