Re: Warning. New Windows vulnerability.
- From: "Gareth Magennis" <sound.service@xxxxxxxxxxxxx>
- Date: Mon, 2 Jan 2006 11:32:24 +0000 (UTC)
"Pooh Bear" <rabbitsfriendsandrelations@xxxxxxxxxxx> wrote in message
news:43B89D8F.B8A71267@xxxxxxxxxxxxxx
> Found this elsewhere.
>
> In short - wmf files can carry viruses. Because they can be renamed as
> other media types you are actually equally vulnerable from jpgs, gifs
> or whatever.
>
> Infection will occur if your email application allows a *preview* of an
> infected file. Turn off the preview function.
>
Where is this in IE? I can't find it.
Cheers,
Gareth.
> Even browsing the net with Internet Explorer is now considered unsafe.
> The safest browser to use is Opera.
>
> Existing anti-virus applications are poorly equipped to detect this
> style of virus.
>
> Google ( and possibly other ) toolbars index all files on your hard
> drive. If any one is infected this way - then you will get the
> infection. Remove all toolbar applications.
>
> Microsoft has at this time no fix.
>
> The information below is already out of date but may be helpful
>
> ------------------------------------------------------------------------------------------------------------------------------------------------
>
> To All,
>
> Last night, a very dangerous computer worm was released on the
> internet. It is carried on Windows Metafile images and automatically
> executes with no user interaction. With Microsoft Explorer or
> Outlook, you are automatically infected if you receive infected
> email or view a site with the worm. The problem is Windows WMF files
> have the capability to execute external code. This is a virus
> writer's dream. He can do anything he wants.
>
> The structure of the worm means it will be difficult or impossible
> to detect by antivirus programs, and it may be extremely difficult
> or impossible to remove from your computer.
>
> Microsoft has no patch at the moment, and the procedure they
> currently recommend to reduce the hazard of infection may not work.
>
> Here's more info:
>
> ------------------------------------------------------------------
>
> Going back to the wmf vulnerability itself, we see number of sites
> mention that shimgvw.dll is the vulnerable file.
>
> This doesn't seem correct as it's possible to exploit a system on
> which shimgvw.dll has been unregistered and deleted. The
> vulnerability seems to be in gdi32.dll.
>
> So while unregistering shimgvw.dll may make you less vulnerable,
> several attack scenarios come to mind where the system can still
> be compromised.
>
> http://isc.sans.org/diary.php?storyid=992
>
> ------------------------------------------------------------------
>
> This may be the worst worm that anyone could possibly invent. Here's
> a portion of a summary by a Slashdot reader:
>
> ------------------------------------------------------------------
>
> It's worse than that (Score:1, Insightful)
> by Anonymous Coward on Sunday January 01, @01:11PM (#14374914)
>
> [...]
>
> This is looking truly horrible. On Tuesday morning zillions of
> Windows desktops will be fired up for the first time in a week or
> two. This thing's already in widespread use by a number of malware
> distribution networks for the usual reasons. As such it's a
> nightmare for network and system admins with Windows machines to
> look after (and us security people trying to provide advice &
> assistance for them...)
>
> [...]
>
> I will stick my neck out here and make a prediction. Virtually all
> organisations with Windows machines are effectively wide open to
> total compromise by a reasonably informed person. That means much
> of the IT dept as well as significant numbers of the 'interested
> poweruser' types, developers with a casual interest in security,
> and anyone who's heard of this and is capable of
> finding, running and using the new exploit, basically. Of course
> we're all tweaking our IDSes and antivirus, locking things down as
> tight as possible in the 48 hours remaining, but... *shudder*.
>
> For ten years I've been waiting for Microsoft's luck to run out.
> This is about #3 on my list of catastrophic MS incidents. There
> aren't many ways things could be worse.
>
> url: http://it.slashdot.org/it/06/01/01/1550258.shtml
>
> ------------------------------------------------------------------
>
> Other sites confirm the serious nature of the problem:
>
> ------------------------------------------------------------------
>
> Re: WMF Vulnerability leads to compromised computers
>
> *** ALL USERS OF WINDOWS, PLEASE READ BELOW. ***
>
> There is a very major security problem with Windows, all variants
> back to Windows 98.
>
> All systems are at risk. Many are already infected. There are few
> options for an effective defense.
>
> See our web page on this issue:
>
> http://www.softprose.com/information/antivirus/wmf.shtml
>
> Greetings,
>
> This is an urgent advisory of a real-life threat to all Windows
> computers.
>
> The Windows Metafile Format (*.WMF) image format, developed by
> Microsoft, has been shown to have a critical flaw that allows ALL
> VARIANTS of Windows computers after and including Windows 98 to be
> taken over by criminals SIMPLY BY VIEWING images on a web page or
> images contained in Email- Including preview.
>
> The WMF vulnerability is not a virus in itself- it is, instead,
> known as an "Exploit", or a pathway that a Virus (or spyware, or
> any number of malware variants) can use to be inserted into a
> computer. Unfortunately, the bad guys found this hole before the
> "white hats" got involved, so this problem is already showing up
> on users' computers.
>
> This is a SEVERE problem, that is already being exploited for
> commercial and criminal gain. The spyware program "Winhound" is
> the most common, and prominent, example using this security hole,
> but many other programs have been found that are taking advantage
> of it. Many of these programs use stealth techniques to hide on
> your PC, and record keystrokes, logins, credit card, and all sorts
> of other information of interest to criminal enterprises.
>
> Other commercial programs using this security hole include
> Winfixer and AVGold. There will probably be many more.
>
> Although Winhound is a very busy, obvious, and obnoxious
> infestation, it is not the worst- the worst infestation is that
> which you do not know about. There is no defense currently
> available for this problem, and fully-patched systems are being
> infected. No current antivirus software is defending against this
> threat. As there is a direct financial incentive, the number and
> variety of softwares using this security flaw are expanding
> exponentially in number.
>
> This has the capacity of being the single greatest security threat
> ever discovered. The number of machines that are vulnerable
> include every single Windows computer in the world. There is
> currently no organized defense. The number and variety of attacks
> are quite large, and they are not being addressed at this time by
> security products.
>
> The pictures DO NOT NECESSARILY have a *.WMF extension! WMF files
> will execute just fine if they are called *.gif, *.jpg, *.bmp, and
> other names! ANY GRAPHIC FILE can conceal the infection.
>
> url: http://www.aota.net/forums/showthread.php?p=143053
>
> ------------------------------------------------------------------
>
> Everyone recommends to stop using the Microsoft Explorer browser and
> switch to Firefox. Firefox is still vulnerable, but at least it
> requires you go through a user dialog to execute the worm. Here is
> the Firefox url:
>
> http://www.mozilla.com/firefox/
>
> I use Opera 8.51, but I haven't found if it is vulnerable.
>
> Now's the time to back up all your critical files on a separate
> computer and keep it away from the web.
>
> Best Wishes and Good Luck to All.
>
.
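Added example, not part of the original post or of any text quoted in it: a content-based check for the point made above that a metafile is still handled as a WMF whatever extension it carries. It identifies a WMF by its header rather than its name and flags Escape records that request SETABORTPROC (the metafile feature that registers a callback); the record and escape numbers come from Microsoft's published WMF format specification, not from this thread, and the function names and sample byte strings are constructed for illustration.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7  # optional 22-byte "placeable" pre-header
META_ESCAPE = 0x0626        # record function number, per the WMF spec
SETABORTPROC = 0x0009       # escape function that registers a callback

def inspect_wmf(data):
    """Return None if data is not a WMF, else a list of findings."""
    off = 0
    if len(data) >= 22 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        off = 22
    if len(data) < off + 18:
        return None
    ftype, hdr_words, version = struct.unpack_from("<HHH", data, off)
    if ftype not in (1, 2) or hdr_words != 9 or version not in (0x0100, 0x0300):
        return None
    findings, pos = [], off + 18
    while pos + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, pos)
        if size_words < 3:  # a record is at least 3 words long
            findings.append("malformed record at offset %d" % pos)
            break
        if func == 0:  # META_EOF ends the record list
            break
        if func == META_ESCAPE and pos + 8 <= len(data):
            if struct.unpack_from("<H", data, pos + 6)[0] == SETABORTPROC:
                findings.append("Escape/SETABORTPROC record at offset %d" % pos)
        pos += size_words * 2
    return findings

def check_file(name, data):
    """Judge a file by content; the extension is only used to report a mismatch."""
    findings = inspect_wmf(data)
    if findings is None:
        return []
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext != "wmf":
        findings.insert(0, "WMF content under .%s extension" % ext)
    return findings

# Constructed samples: a bare header plus end-of-file record, and the same
# with one empty Escape record (no payload) in front of the end-of-file record.
HEADER = struct.pack("<HHHIHIH", 1, 9, 0x0300, 0, 0, 0, 0)
EOF = struct.pack("<IH", 3, 0)
BENIGN = HEADER + EOF
FLAGGED = HEADER + struct.pack("<IHHH", 5, META_ESCAPE, SETABORTPROC, 0) + EOF

if __name__ == "__main__":
    for name, blob in (("chart.wmf", BENIGN), ("photo.jpg", FLAGGED)):
        print(name, check_file(name, blob))
```

A mail or web gateway would call check_file on each attachment or download and quarantine anything that returns findings; a plain header match is a heuristic, so expect occasional false positives on arbitrary binary data.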