[funsec] WMF 0-Day Exploit
Fergie
fergdawg at netzero.net
Wed Dec 28 10:17:38 CST 2005
A couple of interesting F-Secure blog entries:
http://www.f-secure.com/weblog/#00000752
http://www.f-secure.com/weblog/#00000753
Most importantly, the domains serving up this stuff, and one
humorous note:
[snip]
And funnily enough, according to WHOIS, domain beehappyy.biz is owned by a previous president of Soviet Union:
Registrant Name: Mikhail Sergeevich Gorbachev
Registrant Address1: Krasnaya ploshad, 1
Registrant City: Moscow
Registrant Postal Code: 176098
Registrant Country: Russian Federation
Registrant Country Code: RU
"Krasnaya ploshad" is the Red Square in Moscow...
[snip]
;-)
- ferg
ps. And, apparently it is really easy to get burned by this
exploit, so we will probably start seeing other domains/hosts
serving it up before Microsoft gets a patch out for it.
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg at netzero.net or fergdawg at sbcglobal.net
ferg's tech blog: http://fergdawg.blogspot.com/