Just got an alert from AVERT, McAFee's labs, stating that new WMF exploit code is being sent out in spam. The spam contains a payload consisting of a Backdoor-CEP variant.
McAfee has released sigs to detect this:
* Extra DAT file released now; http://www.webimmune.net/extra/getextra.aspx
* Planning to release regular DAT file (4664) on 1/1/06
New years present for McAfee customers.