WMF zero day exploit

The latest report is that the exploit installs if you so much as download or index an infected WMF file. In other words, if you use Google Desktop, which automagically touches your media files, then your system will be trojaned faster than you can say “how convenient”. No known patches are available.

F-Secure, as usual, is ahead of the game with a new signature that detects the three variations already in the wild. They also have a pointer to Sunbelt, which has a link to BugTraq.

Information is sparse so far, but the early responders seem pretty concerned and are recommending that WMF be filtered and/or all traffic be blocked to the following sites:

Crackz.ws
unionseek.com
www.tfcco.com
Iframeurl.biz
beehappyy.biz
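
One way to implement the filtering recommended above, as an added example that is not from the original post or from any of the vendors it mentions: it recognises WMF content by its header bytes instead of trusting the file name, and matches the request host against the list above. The function names and the sample byte strings are assumptions constructed for illustration.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7   # magic number of a "placeable" WMF header
BLOCKED_HOSTS = {            # the hosts listed in the post, lower-cased
    "crackz.ws", "unionseek.com", "www.tfcco.com",
    "iframeurl.biz", "beehappyy.biz",
}

def is_wmf(data: bytes) -> bool:
    """Return True if the payload starts with a WMF header."""
    # Placeable metafiles begin with a distinctive 32-bit key.
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        return True
    # Standard header: type (1 or 2), header size (9 words), version.
    if len(data) < 18:
        return False
    ftype, hdr_words, version = struct.unpack_from("<HHH", data)
    return ftype in (1, 2) and hdr_words == 9 and version in (0x0100, 0x0300)

def is_blocked_host(host: str) -> bool:
    """Match a listed host exactly or as a parent domain."""
    host = host.strip().rstrip(".").lower()
    return any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS)

def should_block(host: str, body: bytes) -> bool:
    """Filter decision for one download: listed host or WMF content."""
    return is_blocked_host(host) or is_wmf(body)

# Constructed sample payloads (headers only, no drawing records).
SAMPLE_WMF = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0)
SAMPLE_PLACEABLE = struct.pack("<I", PLACEABLE_KEY) + b"\x00" * 18 + SAMPLE_WMF
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 20

if __name__ == "__main__":
    for host, body in [("example.org", SAMPLE_WMF),
                       ("example.org", SAMPLE_JPEG),
                       ("WWW.Crackz.ws.", SAMPLE_JPEG)]:
        print(host, "block" if should_block(host, body) else "allow")
```

Because the check reads the content, a WMF payload is caught whatever extension it is served under.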

This seems far more serious than a Saudi teen winning a secular talent competition, so let’s hope someone higher up issues the appropriate fatwa and/or is able to shut down or block traffic at the carrier level.
