After just a few days of the release of WMF exploit, we now have it spammed through emails with these details.
Subject: happy new year
Body: picture of 2006
The WMF exploit is now really making a loud noise and from websites, exploited through website iframes and now spammed through mails. We even have reports of it being used in IM WORMS(We are still looking for this malware by the way, but we have already sent the links to our WebBlocking Team).
Again a warning to all users to be very alert. We also have a link to the fixtool mentioned in hexblog here. It is advised that the tool is used only as a hotfix and not a permanent solution. We should update and patch our systems immediately once Microsoft has released their update.
The spammed wmf file has already been passed to the service team.
Update(JoneZ, 02 January 2006 03:14:10)
The file HappyNewYear.jpg will be detected as TROJ_NASCENE.H.