RE: Static Blocking for the WMF Exploit - over 50known variants

["Discussion Lists" <discussions () lagraphico com>]

Sorry if this was asked before, but how do I know if my machine has been compromised?  I am working on a way to contain 
any damage caused by this exploit, and it would be helpful to know for sure that what I am doing is working or not 
working.
 
Thanks!

        -----Original Message-----
        From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On 
Behalf Of Todd Towles
        Sent: Thursday, December 29, 2005 7:16 AM
        To: full-disclosure () lists grok org uk
        Subject: [Full-disclosure] Static Blocking for the WMF Exploit - over 50known variants
        
        
        Sunbelt has released several sites that are being used to spread bad WMF files 
         
        http://sunbeltblog.blogspot.com/2005/12/more-than-50-wmf-variants-in-wild.html  
<http://sunbeltblog.blogspot.com/2005/12/more-than-50-wmf-variants-in-wild.html > 
         
        I have added this sites into my static blocking, but this isn't a great method..but it can only help at this 
point. Wanted to share this information. 
         
         -Todd
        
        
         

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/