Trojan could attack Tuesday's Windows flaw

Troj_emfsploit.A exhibits behaviour similar to the Enhanced Metafile vulnerability of MS05-053

Trend Micro claims to have discovered a Trojan horse that attacks Windows users through an image rendering flaw, just a day after Microsoft provided a fix for the bug.

The security firm said initially that the Trojan, referred to as 'emfsploit.a', crashes 'explorer.exe' on unpatched Windows machines.

But Trend Micro revised its statement later, saying only that it "exhibits behaviour similar to the Enhanced Metafile vulnerability of MS05-053" .

"Our Trend Labs team is currently working with Microsoft to resolve whether Troj_emfsploit.A does indeed fall under the category of code exploiting the MS05-053 vulnerability, or whether it is only a related piece of code but not totally exploiting MS05-053," the company said in a statement.

Trend Micro describes the new Trojan as a "proof of concept". It received one sample of the code from a customer in Japan, but it has not been detected anywhere else.

The company rates the overall risk as 'low', but the speed at which the exploit was developed has raised concerns in the industry.

Alan Bentley, UK managing director of patch management vendor PatchLink, said: "The emergence of this exploit within just 48 hours of Patch Tuesday just reinforces the movement towards zero-day attacks.

"As virus writers become more sophisticated, IT staff will really be tested when it comes to security protection.

"The time to patch has been diminishing for some time, and it is only a matter of time before we are faced with hours to patch rather than days."