Posted: 1/3/2006 7:50:28 PM EDT
http://msnbc.msn.com/id/10684853/
Windows PCs face 'huge' virus threat

By Kevin Allison in San Francisco
Updated: 1:41 a.m. ET Jan. 3, 2006

Computer security experts were grappling with the threat of a new weakness in Microsoft's Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses.

The news marks the latest security setback for Microsoft, the world's biggest software company, whose Windows operating system is a favourite target for hackers.

"The potential [security threat] is huge," said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. "It's probably bigger than for any other vulnerability we've seen. Any version of Windows is vulnerable right now."

The flaw, which allows hackers to infect computers using programs maliciously inserted into seemingly innocuous image files, was first discovered last week. But the potential for damaging attacks increased dramatically at the weekend after a group of computer hackers published the source code they used to exploit it.

Unlike most attacks, which require victims to download or execute a suspect file, the new vulnerability makes it possible for users to infect their computers with spyware or a virus simply by viewing a web page, e-mail or instant message that contains a contaminated image.

"We haven't seen anything that bad yet, but multiple individuals and groups are exploiting this vulnerability," Mr Hyppönen said. He said that every Windows system shipped since 1990 contained the flaw.

Microsoft said in a security bulletin on its website that it was aware that the vulnerability was being actively exploited. But by early yesterday, it had not yet released an official patch to correct the flaw.

"We are working closely with our antivirus partners and aiding law enforcement in its investigation," the company said. In the meantime, Microsoft said it was urging customers to be careful opening e-mail or following web links from untrusted sources.

Meanwhile, some security experts were urging system administrators to take the unusual step of installing an unofficial patch created at the weekend by Ilfak Guilfanov, a Russian computer programmer.

Concerns remain that without an official patch, many corporate information technology systems could remain vulnerable as employees trickle back to work after the holiday weekend.

"We've received many e-mails from people saying that no one in a corporate environment will find using an unofficial patch acceptable," wrote Tom Liston, a researcher at the Internet Storm Center, an antivirus research group. Both ISC and F-Secure have endorsed the unofficial fix.

Microsoft routinely identifies or receives reports of security weaknesses but most such vulnerabilities are limited to a particular version of the Windows operating system or other piece of Microsoft software. In recent weeks, the company has been touting its progress in combating security threats.

The company could not be reached on Monday for comment.

Copyright The Financial Times Ltd. |
|
For the next few days until MS issues a patch,
cut back on the porn and warez sites, guys. Yer gonna get bit. |
|
Isn't this technically old news? I thought the potential was always there.
|
|
same ole shit different day.
over 15 years of using a computer and only 2 viruses, both not my fault: one, my uncle had a floppy with Michelangelo on it way back in the day, and the other was my friend using my comp to check his e-mail, who opened an unknown file he got in a spam letter. both got very chewed out for it. |
|
There are a couple hundred samples of code out to exploit this weakness - it's a big one.
Run regsvr32 -u shimgvw.dll to temporarily disable the "thumbnail" view which is what the bug exploits. After Microsoft releases a patch on the 10th of January run regsvr32 shimgvw.dll to turn thumbnails back on. |
|
The big news now is that this Microsoft backdoor exists in every version from 15 years ago all of the way to the newest versions of Vista. The other big deal is that anyone can do anything with your Microsoft Windows computer just by getting you to view a web page that contains a .wmf image. |
|
|
In other late breaking news, it has been determined that the Pope is Catholic. |
|
|
Why would one of the sickos that write viruses waste their time writing viruses for any of the other 5% of computers in the world that don't run windows?
The virus threat for windows is 'huge' because it's on 95% of the world's computers! Duh! |
|
From what I've heard there have been instances of supposedly above-board sites pushing the images. Hacking websites is old hat at this point. |
|
|
Finally found the energy over the holiday weekend to get my last computer upgraded to linux. For once, I can brush off a Windows virus scare. WoHoo!
|
|
|
||
|
A big +1. But I will soon have a Dell, courtesy of Uncle Sam and school.... |
|
|
Thx Paul that worked. |
|
|
That's not the point. When you click on your favorite Asian Shemale Porn site the next time, they may have put a WMF in the page. |
|||
|
Well, if you use Firefox, it will not open the file automatically. |
|
|
or opera. I never use IE unless I have to "windows update" but the auto dl critical updates I don't even need it for that. |
||
|
This obviously is going to be difficult to patch. And the delivery device doesn't simply have to be clicking on a thumbnailed image.
|
|
I'm not scared. 15 years of computing, and my personal machines haven't been hit yet.
Update the patches, keep your firewall in good shape, don't hit crappy sites, don't open attachments, and keep a backup. |
|
Why? Push out a new thumbnail component without the vulnerability. Why is that difficult? |
|
|
/. article |
||
|
The threat for windows is huge because windows is full of vulnerabilities, not because of the number of windows machines. The Apache web server is the most widely deployed web server on the web, yet it has had few exploits. Most of the web server exploits are for microsoft iis. /me pets BSD and Linux |
|
|
Sorry, I didn't mean to imply that it would be difficult to write the patch, just to actually patch all the machines out there in a timely enough manner considering the potential promiscuity of the virus. (should it even exist yet) |
||
|
old info: http://antivirus.about.com/od/virusdescriptions/a/wmfexploit_2.htm doesn't work with new variants. |
|
|
Just a bit of sensationalism from a financial rag.
Yep, it's a newfound vulnerability. Yep, you need to take some reasonable precautions. But it's NOT fatal -- this is the way of our brave new world. There will always be some giggling, acne-faced moron taking shots at the Big Player in the OS game. In a few days, it will all be history, and we can be free to move on to the next "sky is falling" scenario... yawn... pace yourself folks -- this kinda crap is going to be happening for a long time. If we get breathless every time some social reject working from his Mom's basement manages to rub two brain cells together and release a virus, we'll all hyperventilate. |
|
uhh oh. I think my PC has something up with it. All the icons on the desktop disappear then reappear a second later. Almost like a warm start.
I ran Trendmicro virus scan, adaware and Microsoft antispyware...nothing detected. But my icons are still cycling. Also, nothing weird in the taskmanager. |
|
|
|
wtf is a poc sploit! I need to know! |
|
|
No, not really. Did you even do any research on the exploit? All you need to do is visit a web site. Not open an infected file set in an email or some other way. antivirus.about.com/od/virusdescriptions/a/wmfexploit.htm |
|
|
All shits and giggles until something goes and no one can help you! Let alone there is almost no support for mac people. Just some poor beta-max person in a VHS world. |
|
|
The XP SP2 autoupdate stuff should help out once Microsoft actually releases the patch next week. However, that's only going to take care of some of it.... |
|||
|
That's why it's so bad...it can be exploited almost anywhere. And since it's an OS flaw and not a browser flaw, it doesn't matter if you're using firefox or opera. For now I've turned off images in firefox...I'm getting nothing but text and empty boxes. And I'm reducing the features on my email programs as well. It's crippling the software but this one is so potentially dangerous it has to be done. |
||
|
Painful burning urination, for starters. |
|
|
The flaw allows a wide variety of bad payloads, so there is no single symptom. It could be anything from a program allowing someone else to control your system to a program to erase every file on your system. |
|
|
It has to be a .WMF file though; all you have to do is tell your browser to not load WMF files. |
||
|
antivirus.about.com/od/virusdescriptions/a/wmfexploit.htm |
||||
|
I got it.
CWS_SE.-50000 TRAK_SE.10419 Trend Micro detected these. CYA...gotta reformat now. later |
|
The fuckers infecting your computer when you visit your favourite gay porn site. Didn't you read the article at all!?!? And whoever said Firefox is safe, is dead wrong, this affects both IE and Firefox. Just disable rendering WMF's. Done and done.

1. Click on the Start button on the taskbar.
2. Click on Run...
3. Type "regsvr32 /u shimgvw.dll" to disable.
4. Click ok when the change dialog appears.

iDefense notes that this workaround may interfere with certain thumbnail images loading correctly, though I have used the hack on my machine and haven't had any problems yet. The company notes that once Microsoft issues a patch, the WMF feature may be enabled again by entering the command "regsvr32 shimgvw.dll" in step three above.

ETA: SANS approved hotfix here: http://handlers.sans.org/tliston/WMFHotfix-1.4.msi |
|||
|