The Windows Metafile vulnerability requires user interaction for
exploit, therefore it (to my knowledge) isn't worm-able. As to why we
didn't see a major virus outbreak, perhaps all the black-hats were
away on holiday :)
My personal hypothesis is that malicious virus writers really aren't
that smart. We might see some threat agents for this vulnerability in
a few months, after the real risk has passed. After all, a truly
intelligent person can make money or gain notoriety through less
dangerous and better paying means (perhaps as a vulnerability
researcher).
Any other theories?
On 9 Jan 2006 17:34:18 -0000, pejman.gohari_at_gmail.com
<pejman.gohari_at_gmail.com> wrote:
> Hi,
>
> The WMF threat was and continues to be important.
> But I'm curious to know why we didn't observe any important attack on Internet?
>
> WMF was a perfect Zero-Day attack and a scenario like the blackout of Internet was possible … but nothing … or no important attack!
> No BOT virus deployed? No DOS worm attack? …
>
> All hackers become white-hat?
> Or they attacked and we didn't see anything?
>
> Any hypothese / explanation ?
>
> Regards,
> Pejman
>
Received on Jan 11 2006
Intro
