
Trend Micro Reports MS05-053 Worm in the Wild - But is it?

Trend Micro has reported that they have found a worm in the wild that abuses the recently-discovered MS05-053 vulnerability, according to their analysis here. The vulnerability, published three days ago, was rated as critical. The discovery of a worm in the field this quickly would make for one of the fastest turnarounds from patch publication to discovery in the wild. But, Trend Micro says, upon further review, it is unclear whether the detection is accurate. CNET News's Joris Evers reports:

Trend Micro on Wednesday reported the discovery of a Trojan horse that it said attacked Windows users through an image rendering flaw in Windows, a day after Microsoft provided a fix for the bug. But it isn't so sure anymore.

The Trojan is referred to as "emfsploit.a" by the Tokyo-based antivirus company. Initially the antivirus software maker reported that the malicious code would crash "explorer.exe" on unpatched Windows machines. Explorer runs key parts of the Windows graphical user interface, including the Start menu, taskbar, desktop and file manager.

But late Thursday Trend Micro said its initial analysis of the Trojan might be incorrect.

"We asked another team to start the disassembly process again," said Raimund Genes, chief technologist for Trend Micro in Europe. That means researchers will reinvestigate the Trojan code to see what it does.

The full article is available here, and a brief mention at the Internet Storm Center is available here.


Posted Nov 11 2005, 03:54 PM by trafton



Copyright © is the original authors. Blog site is an independent site not sponsored by Microsoft. The Yoda blog server and the Brianna SQL server would like to thank www.ownwebnow.com and www.exchangedefender.com. They wouldn't be here and broadcasting without the generosity of Vlad Mazek and his companies.
