[funsec] WMF 0-Day Exploit

Fergie fergdawg at netzero.net
Wed Dec 28 10:17:38 CST 2005


A couple of interesting F-Secure blog entries:

http://www.f-secure.com/weblog/#00000752
http://www.f-secure.com/weblog/#00000753

Most importantly, the domains serving up this stuff, and one
humorous note:

[snip]

And funnily enough, according to WHOIS, domain beehappyy.biz is owned by a previous president of the Soviet Union:

  Registrant Name: Mikhail Sergeevich Gorbachev
  Registrant Address1: Krasnaya ploshad, 1
  Registrant City: Moscow
  Registrant Postal Code: 176098
  Registrant Country: Russian Federation
  Registrant Country Code: RU

"Krasnaya ploshad" is the Red Square in Moscow...

[snip]

;-)

- ferg

ps. And, apparently it is really easy to get burned by this
exploit, so we will probably start seeing other domains/hosts
serving it up before Microsoft gets a patch out for it.


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg at netzero.net or fergdawg at sbcglobal.net
 ferg's tech blog: http://fergdawg.blogspot.com/



