Ilfak Guilfanov's personal Web site has been taken offline by his hosting provider after hordes of Microsoft users scrambled to download his unofficial patch against the Windows Metafile vulnerability.
According to antivirus firm F-Secure, demand for the unauthorised Windows Meta File (WMF) patch developed by Guilfanov was so high his hosting provider temporarily shut his Web site on Wednesday morning.
The site was temporarily closed as "half the planet tried to download WMFFIX_HEXBLOG.EXE," F-Secure reported in its blog. "The resulting traffic amounts were so huge that his hosting provider actually shut his site down."
At the time of writing, the unofficial patch is again available from Guilfanov's site. It is also available from the Sunbelt Blog.
Microsoft has advised businesses not to use the patch, as the company cannot guarantee it will work. But with no official patch due to be released until next week, security experts are urging businesses to use the unofficial patch because of the serious nature of the WMF vulnerability.
The WMF flaw can be used by malicious software to surreptitiously install spyware on a user's PC or allow a hacker to control the machine remotely.
Several attacks have been detected since late December, and on Wednesday experts detected another Trojan horse that exploits the WMF vulnerability. F-Secure also warned this malware was spreading in spam emails that claimed to come from Yale University.
To minimise risk from these Trojans, systems administrators have been advised by F-Secure to block user access to the following:
- HTTP access to playtimepiano[dot]home[dot]comcast[dot]net
- TFTP (i.e. UDP) access to 86.135.149.130
- IRC access to 140.198.35.85:8080
- IRC access to 24.116.12.59:8080
- IRC access to 140.198.165.185:8080
- IRC access to 129.93.51.80:8080
- IRC access to 70.136.88.76:8080
F-Secure warned businesses and systems administrators not to visit the HTTP address.





