There is a very serious security vulnerability going around right now, and it will infect computers by downloading trojan malware if you visit a malicious website with a specially formed image file (WMF), or show an infected .wmf file on your e-mail or your hard disk.

The exploit is currently being used to distribute the Trojan-Downloader.Win32.Agent.abs, Trojan-Dropper.Win32.Small.zp, Trojan.Win32.Small.ga and Trojan.Win32.Small.ev.

F-Secure has more information here and here. More information is available from Secunia as well.

Some sites with this exploit are crackz [dot] ws, unionseek [dot] com, www.tfcco [dot] com, Iframeurl [dot] biz, beehappyy [dot] biz. These should be blocked at your proxy or DNS Hosts file.

A workaround (while Microsoft does not release a patch) is to un-register the library processing these files by running regsvr32 /u shimgvw.dll from the command line. This will prevent your PC being infected, but it will also remove the ability to show thumbnails in File Explorer. Once Microsoft has released a patch you can restablish this library by running regsvr32 shimgvw.dll.

You should also not open or preview untrusted ".wmf" files and set security level to "High" in Microsoft Internet Explorer.

Systems affected include:

Microsoft Windows Server 2003 Datacenter Edition

Microsoft Windows Server 2003 Enterprise Edition

Microsoft Windows Server 2003 Standard Edition

Microsoft Windows Server 2003 Web Edition

Microsoft Windows Small Business Server 2003

Microsoft Windows XP Home Edition

Microsoft Windows XP Professional

Microsoft Windows Small Business Server 2003

Microsoft Windows Storage Server 2003

Microsoft Windows XP Tablet PC

Microsoft Windows XP Media Center 2004/2005

Microsoft Windows Server 2003 R2 Enterprise Edition

Microsoft Windows Server 2003 R2 Standard Edition