Well, it seems to me you are making a huge assumption here: That not much bad actually happened. It has been my experience that when people who know what they are doing set out to exploit a system, there is very little, if any, evidence left. Why do you assume that an attack (or more likely, many attacks) did not occur that simply have not been detected/observed?
It is not difficult to create an exploit for this issue that is not detectable via antivirus or IDS/IPS, and is also relatively easy to create something that is very covert in what it does to avoid observation. And with the "me too" attention that this issue is generating (i.e. the follow on WMF exploits posted today by cocoruder - which are not addressed by MS06-001), I don't think that we have seen the end of these WMF issues, not by a long shot. Cheers, Patrick -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, January 09, 2006 9:34 AM To: [email protected] Subject: WMF Threat OK , but no huge attack ... WHY ? Hi, The WMF threat was and continues to be important. But I'm curious to know why we didn't observe any important attack on Internet? WMF was a perfect Zero-Day attack and a scenario like the blackout of Internet was possible ... but nothing ... or no important attack! No BOT virus deployed? No DOS worm attack? ... All hackers become white-hat? Or they attacked and we didn't see anything? Any hypothese / explanation ? Regards, Pejman
