Tweet
Microsoft is in the early stages of testing it's patch but it is reported to not be available for download till early next week. In the mean time, here is a list of sites to block that the exploit uses to download spyware from.
toolbarbiz[dot]biz
toolbarsite[dot]biz
toolbartraff[dot]biz
toolbarurl[dot]biz
buytoolbar[dot]biz
buytraff[dot]biz
iframebiz[dot]biz
iframecash[dot]biz
iframesite[dot]biz
iframetraff[dot]biz
iframeurl[dot]biz
freecat[dot]biz
Replace the [dot] with an actual dot. If you don't know how to block sites, with IE open, click Tools/Internet Options then click Security, restricted sites and then the Sites box on the right and enter them in.
This is still not a "FIX" but can reduce your chances of getting it.
If you live under a rock or are just not aware of the exploit, it is a nasty one. My employee set up a simulated system with an infected file and he said it infects you just as fast as the demonstration you may have viewed shows. Users can be infected simply by visiting a web site with an image file containing the WMF exploit. Internet Explorer users are at the greatest risk of automatic infection while Firefox and Opera browser users are prompted with a question whether they’d like to open the WMF image or not. They get infected too if they answer ‘Yes’.
Matt
toolbarbiz[dot]biz
toolbarsite[dot]biz
toolbartraff[dot]biz
toolbarurl[dot]biz
buytoolbar[dot]biz
buytraff[dot]biz
iframebiz[dot]biz
iframecash[dot]biz
iframesite[dot]biz
iframetraff[dot]biz
iframeurl[dot]biz
freecat[dot]biz
Replace the [dot] with an actual dot. If you don't know how to block sites, with IE open, click Tools/Internet Options then click Security, restricted sites and then the Sites box on the right and enter them in.
This is still not a "FIX" but can reduce your chances of getting it.
If you live under a rock or are just not aware of the exploit, it is a nasty one. My employee set up a simulated system with an infected file and he said it infects you just as fast as the demonstration you may have viewed shows. Users can be infected simply by visiting a web site with an image file containing the WMF exploit. Internet Explorer users are at the greatest risk of automatic infection while Firefox and Opera browser users are prompted with a question whether they’d like to open the WMF image or not. They get infected too if they answer ‘Yes’.
Matt
Comment