New windows virus, please read

Montez

So Old I'm Losing Radiation Signs
http://www.securityfocus.com/brief/89

A previously unknown vulnerability in the Microsoft Windows graphics rendering engine is being exploited by several malicious Web sites to infect visitors' systems, security experts said on Wednesday.

The vulnerability can be triggered remotely and gives the attacker full system privileges. In the last 24 hours, three different Windows Meta Files (WMFs) have been detected trying to use the vulnerability to spread, according to antivirus firm F-Secure.

"Do note that it's really easy to get burned by this exploit if you're analyzing it under Windows," Mikko Hyppönen, chief research officer for F-Secure said in a blog posting. "All you need to do is to access an infected web site with IE (Internet Explorer) or view a folder with infected files with the Windows Explorer."

Increasingly, security and software companies are worried about vulnerabilities that are exploited without any previous warning. Called zero-day exploits, the attacks can compromise systems before software makers issue patches to fix a security issue. Last month, a security researcher attempted to sell a previously unknown vulnerability in Microsoft Excel on eBay. Several companies have marketed defenses against zero-day exploits and Microsoft has created a network of automated Windows systems, known as honeymonkeys, that browse the Web to find malicious code targeted at Internet Explorer.

Google Desktop users have to be particularly careful as the search giant's software indexes any downloaded image file, an action that will cause the exploit to immediately execute, according to security researchers. A Microsoft spokesperson said the company is currently investigating the reports.


Long story short, update your anti-virus software, if possible set it to scan constantly, and run a full scan on your system - make sure to set it to scan ALL files, since this thing has already been found in .gif files, which anti-virus scanners will usually ignore.
 
WMF files, you say? How quaint. Beware the GDI Records of Doom.

Silencer said:
Montez said:
"All you need to do is to access an infected web site with IE (Internet Explorer)

Figures.
You took the word out of my mouth. This is God's way of saying "Switch to Firefox, fuckwits!"
 
I can't use Firefox on my own computer since it slows down too much. But since I don't have XP I'm in the clear anyway. Bwah!
 
Maybe we should start a PayPal account to buy Per a post-1995 computer.
 
Or we could start an online petition to ban Per from these boards for not owning a post-1995 computer.
 
That'd be uncool, he like, wrote the best walkthroughs and all.

What about you, Comrade? What have YOU done for the Party?

/Petition to ban Ratty for not having multiple Raptor HDD's.
 
Wooz said:
/Petition to ban Ratty for not having multiple Raptor HDD's.
Having multiple Raptor HDD's is totally excessive and unnecessary. Really. I think AnandTech did an in-depth analysis to prove it.

Petition cancelled.
 
I'm looking forward to seeing the entire computer center of my university explode as thousands of students access infested GeoCities websites with the only installed browser.
 
Yet somehow everyone seems to miss the fact that this is a problem residing in Windows, not in Internet Explorer. The only reason that Firefox isn't affected is because it doesn't use the Windows library to open the infected files.
 
Sander said:
Yet somehow everyone seems to miss the fact that this is a problem residing in Windows, not in Internet Explorer.
No, we didn't. I remarked about the GDI Records of Doom, didn't I? Duh.
 
Sander said:
The only reason that Firefox isn't affected is because it doesn't use the Windows library to open the infected files.

Good catch Sander, I just came to say that. You're still at risk if you use Firefox - Firefox does download the file and keeps it in the cache, it just doesn't open it without you prompting it to. However, if you access it (or even attempt to manipulate it in any way with Windows Explorer, I've heard), then you're screwed.
 
Actually I bumped into one of those yesterday.

Firefox prompted me to download/open a WMF file -- which I obviously neglected.

I'm not sure if there's any way to trick Firefox into auto-downloading it -- if that's not possible, the only thing that can cause your PC to combust is the run-of-the-mill PEBKAC.
 
Sander said:
So, Per, been opening any HappyNewYear.jpg files yet?

NO HE HAS NOT

THIS COMPUTER HAS NOT BEEN TAKEN OVER

THE VIRUS THREAT IS A HOAX

EVERYTHING IS AS IT SHOULD BE

CARRY ON

IT'S A GOOD DAY TO OPEN SOME PICTURE FILES DON'T YOU AGREE
 
Wow Montez your timing is impeccable.

I get home from work today with my Dad telling me he turned the computer off immediately when it gave him a message saying spyware was on it while he was browsing. Now he doesn't know much about PC's so I figured it was one of those "advertisements" from IE that tell you you have spyware and need to visit a private site.

I actually just got done removing the virus. I also noticed my favorites list now has a bunch of porn links added that I didn't add...and I was online only 10 hours ago. So I guess I know where the spyware came from...and what my Dad was doing.

:roll: ,
The Vault Dweller
 