[funsec] WMF 0-Day Exploit

Fergie fergdawg at netzero.net
Wed Dec 28 10:17:38 CST 2005

A couple of interesting F-Secure blog entries:


Most importantly, the domains serving up this stuff, and one
humorous note:


And funnily enough, according to WHOIS, domain beehappyy.biz is owned by a previous president of Soviet Union:

  Registrant Name: Mikhail Sergeevich Gorbachev
  Registrant Address1: Krasnaya ploshad, 1
  Registrant City: Moscow
  Registrant Postal Code: 176098
  Registrant Country: Russian Federation
  Registrant Country Code: RU

"Krasnaya ploshad" is the Red Square in Moscow...



- ferg

ps. And, apparently it is really easy to get burned by this
exploit, so we will probably start seeing other domains/hosts
serving it up before Microsoft gets a patch out for it.

"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg at netzero.net or fergdawg at sbcglobal.net
 ferg's tech blog: http://fergdawg.blogspot.com/
