Don't Look...
I told you not to look!
Too late! If the following screenshot were an e-mail you had previewed or opened on your system, and you hadn't patched or put other mitigating technologies or methodologies in place*, your computer would now be infected. Yes, it would now belong to the 'Bad Guys and Girls'! You would be '0wn3d'.
Game over!
Here's the screenshot of the e-mail you might have already received:

Yes, I have doctored this screenshot; the real one is a little 'too risque' to post here!
The first picture, the one of 'Paris Hilton', barely wearing anything, is not 'bad'. What I mean is that this picture is not the problem in this spam e-mail; it is the 'bait'. The one to worry about is the second picture, which won't render [the one with the red diamond in the screenshot], because it isn't a real picture at all. It is a 'trojanised Windows MetaFile [WMF]' with exploit code embedded in it to try to infect or take over your computer.
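A mail gateway or attachment scanner can catch this kind of disguise by checking each image's leading bytes instead of trusting its name. The sketch below is an added example, not code from this post or from any product; it assumes the fake picture carries an ordinary image extension, and the file names, sample bytes and verdict strings are constructed for illustration.

```python
import struct

# Leading bytes of the raster formats normally seen as inline mail images.
RASTER_MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif", b"GIF89a": "gif",
    b"\x89PNG\r\n\x1a\n": "png",
}
# File extensions mapped to the format a reader expects behind them.
EXT_FORMAT = {"jpg": "jpeg", "jpeg": "jpeg", "gif": "gif", "png": "png", "wmf": "wmf"}
PLACEABLE_KEY = 0x9AC6CDD7  # optional 22-byte "placeable" header before META_HEADER

def sniff_format(data: bytes) -> str:
    """Identify the format from content alone; the file name is never trusted."""
    for magic, name in RASTER_MAGIC.items():
        if data.startswith(magic):
            return name
    offset = 0
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        offset = 22
    if len(data) >= offset + 6:
        ftype, header_words, version = struct.unpack_from("<HHH", data, offset)
        # META_HEADER: type 1 (memory) or 2 (disk), 9-word header, version 1.0 or 3.0
        if ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300):
            return "wmf"
    return "unknown"

def triage_image(filename: str, data: bytes) -> str:
    """Return 'ok', 'block-wmf' or 'mismatch' for one image taken from a message."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = sniff_format(data)
    if actual == "wmf":
        return "block-wmf"  # policy assumed here: metafiles are never delivered by mail
    if EXT_FORMAT.get(ext) != actual:
        return "mismatch"   # name and content disagree: quarantine for review
    return "ok"

# Constructed samples: header bytes only, no real image or metafile content.
SAMPLES = {
    "bait.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "second.jpg": struct.pack("<HHH", 1, 9, 0x0300) + b"\x00" * 12,
    "logo.gif": struct.pack("<I", PLACEABLE_KEY) + b"\x00" * 18
                + struct.pack("<HHH", 2, 9, 0x0300),
    "notes.png": b"plain text, not an image",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name:12} {triage_image(name, blob)}")
```

A header check like this only identifies the file type; it does not say whether a given metafile is malicious, so it complements patching and anti-malware scanning.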
This e-mail arrived at my mail server just after midnight last night, and was quite rightly flagged as spam.
So, why am I flagging this now? I mean, the exploit code used is old, and you should all be patched by now. You are patched, right? The reason I'm flagging this now is that this may well be a new phase of 'image' exploitation [in both senses of the word]. This one uses the 'WMF exploit', but I suspect we will see the same social engineering techniques used with other exploit code and droppers. In fact I know we will!
So, be careful out there when opening or even previewing e-mails. You may start a chain reaction which ends up with your system being turned into a zombie, and it's all downhill from then on... adware, spyware, malware, identity theft, keyloggers, spam relaying, phishing site hosting... You get the idea, don't you?
The site hosting the real and fake image files is still active as I write this. You have been warned!
Links to more WMF exploit information:
- http://momusings.blogsome.com/2005/12/30/lotus-notes-vulnerable-to-wmf-exploit/
- http://momusings.blogsome.com/2005/12/31/wmf-im-out-to-get-you/
- http://momusings.blogsome.com/2006/01/02/more-wmf-exploits/
- http://momusings.blogsome.com/2006/01/03/wmf-exploit-patches-and-workarounds/
- http://momusings.blogsome.com/2006/01/05/more-wmf-malware-developments/
* Such as a good up-to-date, and enabled, anti-malware solution and/or fully patched system or one not using Windows.



