AMD forum users exposed to WMF worm

Visitors to AMD's forums were presented with an infected .wmf image file

AMD's user forums were yesterday found to be hosting a worm that attempted to infect visitors using the well documented Windows WMF vulnerability. 

Users visiting the site were presented with a download of a .wmf image file which carries a malicious payload. The image appeared to be linked to an adware affiliate website called toolbardollars.biz.

Microsoft was caught out in early January when online criminals started exploiting a vulnerability in the way that Windows renders images in the Windows Meta Files format.

The software giant eventually issued an out-of-cycle patch for the flaw, which it does in only rare cases.

AMD's forums website was no longer harbouring the worm at the time of this story's publication, and a spokesman for the company told vnunet.com that the issue had been resolved. 

AMD blamed the problem on a third party that handles the user forums for the chipmaker.

This company had failed to apply a software patch to the service, according to the spokesman, exposing users to the potentially harmful .wmf file. He declined to identify the third party.

The spokesman emphasised that users with fully patched systems had at no time been at risk of infection.

Security vendor F-Secure reported the AMD worm on its blog on Monday and warned users not to visit the website.