WMF exploitation has taken off in the past twelve hours. It's likely that WMF exploitation will be very successful in the near term.

Historically, risk is much higher with Windows operating systems than Unix/Linux. How can I say that? Look at all the major attacks. Which ones had the greatest likelihood and impact for 2005? Windows hands down.

Then, we thought maybe the police had gotten inside the group that made Sober and might be close to an arrest. But now it's likely that they found a date coded inside an earlier version of the worm.

Pay for one commercial package and add one or more free programs. Set the primary package to scan all the time and use the secondary programs only when you need them, so they don't conflict. It's like getting a second opinion from a doctor.

The threat level for this vulnerability may be dramatically increased if more automated methods of distribution are found to be successful, such as e-mail or IM or file shares. The impact of attacks may also increase, with more sinister codes being installed as new hackers attempt to leverage the vulnerability to their advantage.

A new, upgraded WMF exploit was posted to the public today and is highly functional.

We did reverse engineering on the variants, and found this date in the code. The way this works is that at a pre-determined time, computers already infected with Sober will connect with specified servers and download a new payload, which will likely be spammed out in the millions, as was the last version.

We don't know if it's fraud-related or whatever. Clearly, they're being silently and illegally installed, at a minimum, for personal profit and they may also involve fraud or exploitation. I think the next week is going to be the most telling and the most significant in terms of risk.

The attack, if it comes, could come anytime after the afternoon and the evening of the 5th.