Spammed Email Links to a Malicious WMF File

There are reports of another spammed email containing a URL that, when visited, launches a WMF file which downloads malware.

The samples were forwarded to the Service Team for processing.


BTW, a Mozilla Firefox “InstallVersion.compareTo()” vulnerability is also exploited on the front page of the web site the URL points to. It affects older versions of Firefox. Firefox users are advised to update their browsers to the latest version, which can be found at http://www.mozilla.com/.



Update (JoneZ, 05 January 2006 04:17:53)


The WMF file will be detected as TROJ_NASCENE.AE, while the page exploiting the Firefox “InstallVersion.compareTo()” vulnerability will be detected as HTML_SPRAY.A.