By Greg Sandoval
Staff Writer, CNET News.com
February 2, 2006
Competing hacker groups in Russia were peddling the exploit code
responsible for the Windows Meta File attacks last December for
$4,000, according to security company Kaspersky Lab.
"One of the purchasers of the exploit is involved in the criminal
adware/spyware business," read a Kaspersky Lab quarterly report
released this week. "It seems likely that this was how the exploit
The WMF flaw unsettled security experts after they found that the
virus-writing community discovered the vulnerability before they did.
A slew of Trojan programs were written to try and take advantage of
the exploit. The British Parliament was attacked by hackers who tried
to exploit the WMF flaw.
MessageLabs, an e-mail filtering provider for the U.K. government,
said last month that targeted e-mails were sent to various individuals
within government departments in an attempt to take control of their
computers. The e-mails contained the exploit code.
A statement on the Kaspersky Lab site said more than a thousand
instances of malicious code were detected in a week. "As the
vulnerability was present in all versions of Windows, the situation
threatened to spiral out of control."
According to Kaspersky, the situation was mitigated by the holiday
season, when Internet use was much lighter than normal.
When the corrupt WMF files finally came to the attention of
anti-spyware experts, they were traced back to Web sites known to
spread advertising software surreptitiously to computers.
Security companies have lamented the practice by some Web advertisers
of paying others to distribute their software. Some of the more
unscrupulous among those are in the business of distributing exploits
that let them spread adware without the knowledge of computer users.
Copyright =A91995-2006 CNET Networks, Inc. All rights reserved.
InfoSec News v2.0 - Coming Soon!