SANS ISC: InfoSec Handlers Diary Blog

Oldest infected .wmf?

Published: 2006-01-04
Last Updated: 2006-01-04 22:28:20 UTC
by Marcus Sachs (Version: 1)
We have a little project for all of the forensic treasure hunters out there.  As you all know, the .wmf issue came into public view about a week ago.  Since then, we've found that there are infected .wmf files with dates going back several weeks, so this little beauty has been around for a while.  What we are looking for are any confirmed intrusions earlier than the first of December 2005 that can be traced to this current vulnerability.  By confirmed, we mean that not only is the date of an infected .wmf file on a compromised system earlier than December 1st, but you can also prove that it was installed prior to December 1st and had some type of malicious payload embedded in it.  Tell us whatever you can share, and we'll summarize the details for others.  There's no prize for the earliest detect, but we are pretty sure that many would be interested in knowing how long this vulnerability has been actively exploited.
