New "HUGE" windows Virus/Exploit

Windows PCs face ‘huge’ virus threat
By Kevin Allison in San Francisco
Published: January 2 2006 18:18 | Last updated: January 2 2006 22:19

Computer security experts were grappling with the threat of a newweakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses.

The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers.

“The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.”

The flaw, which allows hackers to infect computers using programs maliciously inserted into seemingly innocuous image files, was first discovered last week. But the potential for damaging attacks increased dramatically at the weekend after a group of computer hackers published the source code they used to exploit it. Unlike most attacks, which require victims to download or execute a suspect file, the new vulnerability makes it possible for users to infect their computers with spyware or a virus simply by viewing a web page, e-mail or instant message that contains a contaminated image.

“We haven’t seen anything that bad yet, but multiple individuals and groups are exploiting this vulnerability,” Mr Hyppönen said. He said that every Windows system shipped since 1990 contained the flaw.

Microsoft said in a security bulletin on its website that it was aware that the vulnerability was being actively exploited. But by early yesterday, it had not yet released an official patch to correct the flaw. “We are working closely with our antivirus partners and aiding law enforcement in its investigation,” the company said. In the meantime, Microsoft said it was urging customers to be careful opening e-mail or following web links from untrusted sources.

Meanwhile, some security experts were urging system administrators to take the unusual step of installing an unofficial patch created at the weekend by Ilfak Guilfanov, a Russian computer programmer.

Concerns remain that without an official patch, many corporate information technology systems could remain vulnerable as employees trickle back to work after the holiday weekend.

“We’ve received many e-mails from people saying that no one in a corporate environment will find using an unofficial patch acceptable,” wrote Tom Liston, a researcher at the Internet Storm Center, an antivirus research group. Both ISC and F-Secure have endorsed the unofficial fix.

Microsoft routinely identifies or receives reports of security weaknesses but most such vulnerabilities are limited to a particular version of the Windows operating system or other piece of Microsoft software. In recent weeks, the company has been touting its progress in combating security threats.

The company could not be reached on Monday for comment.

http://news.ft.com/cms/s/0d644d5e-7bb3-11da-ab8e-0000779e2340.html

 

I heard it hijacks your PC and makes it post inflammatory DP posts about other members.



tom

 

For example



You think it was just a harmless picture of a hamster but in reality your computer has already been infected.

So far the best action you can take is to close your eyes as soon as you see some image coming up.

 

I hate when this happens. The person who discovered it has an obligation to report it to Microsoft secretly and not disclose it until Microsoft releases a patch for it.

 

Yeah this sucks. Spyware is becoming increasingly annoying and is a danger to your pc. Can a good spyware program block them. Is it necessary to rely on Microsoft?

 

This security hole has been around for a long time. Microsoft disclosed the flaw in '04

http://it.slashdot.org/it/04/09/23/1151233.shtml?tid=128&tid=172&tid=201&tid=109

http://it.slashdot.org/it/04/09/14/2226226.shtml?tid=172

I put together some code to show the exploit to a few friends, but it took me like a week to figure it out. There's been sample code around, but it's not that easy to roll your own. Maybe someone came up with a utility to build your own command string into it.

 

Nevets,

I thought I had heard of this before a while back - but nothing ever came of it. I'm guessing the reason it's news now is that hackers actually released code to anyone who wants it...

 

Check out this work around so you would not be affected by this http://sunbeltblog.blogspot.com/2005/12/workaround-for-wmf-exploit.html exploit.

 

This is actually a new vuln. The old one is for JPEG images, this one is for WMF images.

 

I posted a workaround on my blog a few days back .. last year, in fact. Heh.

.

 

If it was that easy to fix, surely Microsoft would have issued a fix by now?

 

I havn't used some antivirus for years and I still havn't got any virus.. I use XP.. HAHAHA

 

I'm sure GWB is behind this somehow!! He wants to know what everyone is doing as any good dictator would....

 

That temporary fix mcfox posted is straight from the horse's mouth.

http://www.microsoft.com/technet/security/advisory/912840.mspx

Read the section "Suggested Actions". Microsoft admits it's not a permanent fix, and only prevents infection via the "known attack vectors".

 

It's not a fix so much as a temporary workaround. As torunforever says, it's straight from the horse's mouth until they get something a bit better off the bench.

 

i heard firefox 1.5 is the only browser that gives a message weither it should open or deny a .wmf file..

so with FF your save... maybe?

 

And with IE you open?

 

well yes

but IE sucks in more than that... just use firefox

 

I was referring to the "Open or Save" dialog box that pops up when you click on links!

 

The "patch" is almost done. Hopefully next week!

http://www.cnn.com/2006/TECH/internet/01/04/microsoft.patch.reut/index.html

Apparently, they wanted to motivate the programmer. LOL