Anti-Virus Protection for WMF Flaw Still Inconsistent

Filed under: — By Aviran Mordo @ 3:12 pm

Days after the revelation of a flaw in Windows’ handling of WMF graphics files, dozens of exploits are being spread from thousands of adware sites. But good protection is available.

At the same time, further testing confirms that a workaround issued by third parties and endorsed by Microsoft Corp. is effective in most regards, and in the most important circumstances, but not in all. Also, the workaround has side effects that could prove troublesome.

AV-Test, which tests anti-malware products, has been tracking the situation closely and has, so far, analyzed 73 variants of malicious WMF files. Products from the following companies have identified all 73:

  • Alwil Software (Avast)
  • Softwin (BitDefender)
  • ClamAV
  • F-Secure Inc.
  • Fortinet Inc.
  • McAfee Inc.
  • ESET (Nod32)
  • Panda Software
  • Sophos Plc
  • Symantec Corp.
  • Trend Micro Inc.
  • VirusBuster

These products detected fewer variants:

  • 62 — eTrust-VET
  • 62 — QuickHeal
  • 61 — AntiVir
  • 61 — Dr Web
  • 61 — Kaspersky
  • 60 — AVG
  • 19 — Command
  • 19 — F-Prot
  • 11 — Ewido
  • 7 — eSafe
  • 7 — eTrust-INO
  • 6 — Ikarus
  • 6 — VBA32
  • 0 — Norman

The difference for the more effective products is likely to be heuristic detection, tracking the threat by identifying the basic techniques of the exploit, rather than looking for specific patterns for specific exploits.

Source: eweek


Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress