Highly malicious code continue to spread through vulnerabilities in Windows system. The malware using this exploit, collectively named WMF/Exploit.B or W32/ Exploit.gen may infect your system through email, IM channels and web pages and can infect your computer without your knowledge. These trojans can install ad/spyware as well as backdoors and bots to remotely control your machine.

A few of days ago links to a working exploit of an unpatched vulnerability in Windows systems were published. Since then new exploits have been published along with toolkit for how to actually use the exploit. The potential for massive spread of malware using these exploits is high and all users of Internet should be extremely careful.

- The risk is high and there is potential for large scale infections. The recipe for how to use the exploit was published at the same time as the exploits themselves. This means fast spread of malware. The exploits enables Trojans and worms to infect computers without users having to do anything. Users can get infected when surfing a website, when reading an email or a message through a chat channel. They do not have to open or click on anything, and that is what makes it so dangerous, says VP business and marketing Audun Lødemel at Norman ASA.

Some of these trojans will install bots in the users’ computers. These bots will then be remotely controlled by hackers for performing various illegal activities. Other varieties will install ad-and spyware. In a worst-case scenario the exploit can be used to create fast spreading worms.

Norman has released a new set of virus detection files to detect and stop one of these trojans. Read more about the vulnerability and the malware at:

http://www.norman.com/Virus/Virus_descriptions/26842/
http://www.norman.com/Virus/Security_Advisory/2005/28003/

SAV25 Data Systems