Free Republic

Windows PCs face ‘huge’ virus threat
Financial Times via Drudge | January 2 2006 18:18 | By Kevin Allison in San Francisco

Posted on 01/02/2006 3:54:03 PM PST by Swordmaker

Computer security experts were grappling with the threat of a new weakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses.

The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers.

“The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.”

The flaw, which allows hackers to infect computers using programs maliciously inserted into seemingly innocuous image files, was first discovered last week. But the potential for damaging attacks increased dramatically at the weekend after a group of computer hackers published the source code they used to exploit it. Unlike most attacks, which require victims to download or execute a suspect file, the new vulnerability makes it possible for users to infect their computers with spyware or a virus simply by viewing a web page, e-mail or instant message that contains a contaminated image.

“We haven’t seen anything that bad yet, but multiple individuals and groups are exploiting this vulnerability,” Mr Hyppönen said. He said that every Windows system shipped since 1990 contained the flaw.

Microsoft said in a security bulletin on its website that it was aware that the vulnerability was being actively exploited. But by early yesterday, it had not yet released an official patch to correct the flaw. “We are working closely with our antivirus partners and aiding law enforcement in its investigation,” the company said. In the meantime, Microsoft said it was urging customers to be careful opening e-mail or following web links from untrusted sources.

Meanwhile, some security experts were urging system administrators to take the unusual step of installing an unofficial patch created at the weekend by Ilfak Guilfanov, a Russian computer programmer.

Concerns remain that without an official patch, many corporate information technology systems could remain vulnerable as employees trickle back to work after the holiday weekend.

“We’ve received many e-mails from people saying that no one in a corporate environment will find using an unofficial patch acceptable,” wrote Tom Liston, a researcher at the Internet Storm Center, an antivirus research group. Both ISC and F-Secure have endorsed the unofficial fix.

Microsoft routinely identifies or receives reports of security weaknesses but most such vulnerabilities are limited to a particular version of the Windows operating system or other piece of Microsoft software. In recent weeks, the company has been touting its progress in combating security threats.

The company could not be reached on Monday for comment.


TOPICS: Extended News; Technical
KEYWORDS: backdoor; exploit; getamac; internetexploiter; lookoutexpress; lowqualitycrap; malware; microsoft; patch; security; securityflaw; spyware; trojam; trojan; userfriendly; virus; virusbait; viruses; vulnerability; windows; wmf; worm

1 posted on 01/02/2006 3:54:05 PM PST by Swordmaker
[ Post Reply | Private Reply | View Replies]

To: backhoe

ping.


2 posted on 01/02/2006 3:55:08 PM PST by Jet Jaguar
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

Every version of Windows released since 1990 is affected.

The internet is going to be a mighty plain looking place without any graphics...


3 posted on 01/02/2006 3:55:11 PM PST by Swordmaker (Beware of Geeks bearing GIFs.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

In other news, water is wet, the sky is blue, and women are hard to understand sometimes.


4 posted on 01/02/2006 3:57:06 PM PST by mysterio
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

People need to switch over to Mac.


5 posted on 01/02/2006 3:57:27 PM PST by LEPEN
[ Post Reply | Private Reply | To 3 | View Replies]

To: Swordmaker

Reminds me one more time why I love my Mac!


6 posted on 01/02/2006 3:57:42 PM PST by Laserman
[ Post Reply | Private Reply | To 3 | View Replies]

To: Swordmaker
Get Root!
7 posted on 01/02/2006 3:58:36 PM PST by Uri’el-2012 (Trust in the YHvH for ever, for the LORD, YHvH is the Rock eternal. (Isaiah 26:4))
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

Wanted to ask anyone if turning off pictures from laoding in IE helps getting infected.


8 posted on 01/02/2006 3:58:51 PM PST by Baraonda (Demographic is destiny. Don't hire 3rd world illegal aliens nor support businesses that hire them.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Swordmaker
Go to this Gibson Research page and follow the instructions:

Windows WMF Vulnerability News & Updates

Steve Gibson is trustworthy.

9 posted on 01/02/2006 3:59:06 PM PST by snarks_when_bored
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

what's the bug? does it only affect web images loaded into Internet Explorer, or is any browser vulnerable?


10 posted on 01/02/2006 3:59:30 PM PST by oceanview
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

As noted on earlier threads, there is a temporary fix at:

http://www.grc.com/sn/notes-020.htm

Bookmark the page, so you can restore this function after Microsoft issues the patch. Gibson is reliable, and explains how to temporarily disable this function and re-enable it after the fix comes out.


11 posted on 01/02/2006 4:00:00 PM PST by Cicero (Marcus Tullius)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Baraonda

helps getting infected = helps from getting infected.


12 posted on 01/02/2006 4:00:01 PM PST by Baraonda (Demographic is destiny. Don't hire 3rd world illegal aliens nor support businesses that hire them.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Swordmaker
Good advertisement for F-secure...


13 posted on 01/02/2006 4:00:19 PM PST by darkwing104 (Let's get dangerous)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

Every version might be affected, but processors that support Data Execution Prevention aren't affected. AMD and Intel users with hardware DEP can turn it on and forget about it.


14 posted on 01/02/2006 4:00:19 PM PST by cabojoe
[ Post Reply | Private Reply | To 3 | View Replies]

To: oceanview
what's the bug? does it only affect web images loaded into Internet Explorer, or is any browser vulnerable?

Apparently any application that uses the Windows display graphic DLLs is vulnerable.

15 posted on 01/02/2006 4:00:54 PM PST by Swordmaker (Beware of Geeks bearing GIFs.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Swordmaker
The flaw, which allows hackers to infect computers using programs maliciously inserted into seemingly innocuous image files, was first discovered last week.

Errr, I thought the flaw was in .wmv files, quit downloading porn and music files until the patch comes out.....problem solved.

16 posted on 01/02/2006 4:01:40 PM PST by Decepticon (The sheep pretend the wolf will never come, but the sheepdog lives for that day (NRA)
[ Post Reply | Private Reply | To 1 | View Replies]

To: oceanview

Any browser, any image viewer and email program is vulnerable. Windows Explorer browser is vulnerable.


17 posted on 01/02/2006 4:01:53 PM PST by Baraonda (Demographic is destiny. Don't hire 3rd world illegal aliens nor support businesses that hire them.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: LEPEN

The only reason MACs don't have viruses is that nobody targets them.

Software is software. If someone wanted to exploit the MACOS, they could.


18 posted on 01/02/2006 4:02:43 PM PST by Paloma_55 (Which part of "Common Sense" do you not understand???)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Cicero

Please put a caveat that there are currently no fixes for Windows 98, 98 SE and ME.


19 posted on 01/02/2006 4:03:10 PM PST by Baraonda (Demographic is destiny. Don't hire 3rd world illegal aliens nor support businesses that hire them.)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Swordmaker

Steve is grinning from ear to ear over this.
20 posted on 01/02/2006 4:04:19 PM PST by Andy from Beaverton (I only vote Republican to stop the Democrats)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Jet Jaguar; Swordmaker
I have some links handy ( rummaging around old files hastily )...

John's Note:
 
I tried this-- seems OK on Win 2K:
 
Here's an update to the unofficial fix posted above. The folks at sans.org have taken the patch apart and modified it to work on WIN2K systems. It's running on my system with no apparent ill effects. I'll be patching the other computers in the house shortly. The upshot is this: You cannot wait for the official MS patch, you cannot block this one at the border, and you cannot leave your systems unprotected.
 
----------------------------------------------------------------------------------------
 
New exploit released for the WMF vulnerability - YELLOW (NEW)
 
Sites exploit Windows image flaw (New attacks for pc users)
 
Windows Security Flaw Is 'Severe'
 
 

For video players that can handle other formats, give your friends these links -

www.videolan.org

www.divx.com

Subnote: V-lan works fine on my home machines- others I know swear it "hosed my codecs"- so be advised I provide that and other links on a "use with caution" basis.

21 posted on 01/02/2006 4:04:24 PM PST by backhoe (-30-)
[ Post Reply | Private Reply | To 2 | View Replies]

To: Swordmaker
Every version of Windows released since 1990 is affected.

Drat. There goes WFWG 3.11...

22 posted on 01/02/2006 4:05:03 PM PST by sionnsar (†trad-anglican.faithweb.com† || Libs: Celebrate MY diversity, eh! || Iran Azadi 2006)
[ Post Reply | Private Reply | To 3 | View Replies]

To: snarks_when_bored
Unfortunately:

Ilfak Guilfanov (see GREEN box below) produced a highly-effective true patch which successfully suppresses all known exploitable vulnerabilities for anyone using Windows 2000, XP, server 2003, or 64-bit XP. No patch is available for Windows 95, 98, ME or NT, and none is expected to be forthcoming. But anyone using Windows 2000, XP, server 2003, or 64-bit XP should IMMEDIATELY install Ilfak's exploit suppressor into all of their systems.

23 posted on 01/02/2006 4:05:06 PM PST by Swordmaker (Beware of Geeks bearing GIFs.)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Swordmaker

Yes, that's unfortunate.


24 posted on 01/02/2006 4:06:23 PM PST by snarks_when_bored
[ Post Reply | Private Reply | To 23 | View Replies]

To: snarks_when_bored
On the other hand:

Windows 98/SE/ME users: Microsoft's original advice to "unregister the shimgvw.dll" (shell image viewer) was never correct or useful on those platforms. The good news is that all current WMF exploits appear to be non-functional on the older Win9x vintage platforms . . . so you will likely be okay until Microsoft has updated your system with the next security patches. There is no short-term workaround for Windows 9x users.

25 posted on 01/02/2006 4:07:31 PM PST by Swordmaker (Beware of Geeks bearing GIFs.)
[ Post Reply | Private Reply | To 9 | View Replies]

To: Swordmaker
When did Microsoft ever release anything that wasn't susceptible to viruses?
26 posted on 01/02/2006 4:10:18 PM PST by airborne (If being a Christian was a crime, would there be enough evidence to convict you?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

I guess what happens will depend on whether the hackers feel like aiming at older versions of Windows and on how quickly Microsoft gets its patch out for those versions.


27 posted on 01/02/2006 4:10:30 PM PST by snarks_when_bored
[ Post Reply | Private Reply | To 25 | View Replies]

To: Paloma_55
The only reason MACs (sic) don't have viruses is that nobody targets them.

False. That "security by obscurity" theory has been shot down many times by people who know what they are talking about. Five years, 20,000,000 users, and counting with no OSX exploits in the wild.

28 posted on 01/02/2006 4:10:57 PM PST by Swordmaker (Beware of Geeks bearing GIFs.)
[ Post Reply | Private Reply | To 18 | View Replies]

To: Swordmaker

AWK.

so what do I do???


29 posted on 01/02/2006 4:11:25 PM PST by DollyCali (Don't tell GOD how big your storm is -- Tell the storm how B-I-G your God is!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Decepticon
Errr, I thought the flaw was in .wmv files, quit downloading porn and music files until the patch comes out.....problem solved.

No, it's in the DLL that displays .wmf files, not .wmv (Windows Movie). .wmf files are Windows Metafile files, which are basically image files, mostly used for clip art, rarely on legitimate web pages.

30 posted on 01/02/2006 4:11:43 PM PST by Mannaggia l'America
[ Post Reply | Private Reply | To 16 | View Replies]

To: snarks_when_bored
Yep it's reliable alright. I downloaded it and when I ran it, it says it's corrupted. Downloaded it again and the same thing happened.

At this point I trust nobody.


31 posted on 01/02/2006 4:11:58 PM PST by unixfox (AMERICA - 20 Million ILLEGALS Can't Be Wrong!)
[ Post Reply | Private Reply | To 9 | View Replies]

To: LEPEN

I don't really like the sauce on a big mac.... would an arbys be just as good?
susie


32 posted on 01/02/2006 4:12:17 PM PST by brytlea (I'm not a conspiracy theorist....really.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Swordmaker
Burn the BAD OS!
33 posted on 01/02/2006 4:13:20 PM PST by hiredhand (My kitty disappeared. NOT the rifle!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: brytlea
I don't really like the sauce on a big mac.... would an arbys be just as good?

Probably... now if you could get either to display a .WMF graphic clip file of the Virgin Mary, you could sell it on eBay!

34 posted on 01/02/2006 4:14:56 PM PST by Swordmaker (Beware of Geeks bearing GIFs.)
[ Post Reply | Private Reply | To 32 | View Replies]

To: unixfox
They could be experiencing lots of traffic. I downloaded the patch earlier today, no problem. Ran the checker program and it verifies that my system isn't vulnerable to the current exploits.

Try again a little later, perhaps...

35 posted on 01/02/2006 4:16:16 PM PST by snarks_when_bored
[ Post Reply | Private Reply | To 31 | View Replies]

To: Baraonda
pictures from laoding

Is that close to Vientiane?

36 posted on 01/02/2006 4:16:20 PM PST by ASA Vet (Those who know don't talk, those who talk don't know.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: ASA Vet

LOL!

Meant loading


37 posted on 01/02/2006 4:17:46 PM PST by Baraonda (Demographic is destiny. Don't hire 3rd world illegal aliens nor support businesses that hire them.)
[ Post Reply | Private Reply | To 36 | View Replies]

To: Swordmaker
after a group of computer hackers published the source code they used to exploit it.<<<< Am I missing something here??...I'm just a click and pointer...but published???
38 posted on 01/02/2006 4:17:50 PM PST by M-cubed (Why is "Greshams Law" a law?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: LEPEN
I have 2 machines on my desk: one is an AMD machine running XP, the other is an iMac G5. I do all my surfing, read all my mail on the iMac. The XP machine is getting so little use, next week it'll become a Linux box!
39 posted on 01/02/2006 4:19:57 PM PST by MrsEmmaPeel
[ Post Reply | Private Reply | To 5 | View Replies]

To: Mannaggia l'America
Precisely. The problem appears to be that an error message returned from clicking on a thumbnail can actually be redirected to execute code at whatever level of access the user doing so has. Any code. Not nice.

I've applied the Guilfanov patch to my local box and everything seems fine so far. I've heard of some problems in canceling large print jobs but haven't seen anything like that myself.

40 posted on 01/02/2006 4:19:59 PM PST by Billthedrill
[ Post Reply | Private Reply | To 30 | View Replies]

To: Mannaggia l'America
No, it's in the DLL that displays .wmf files, not .wmv (Windows Movie). .wmf files are Windows Metafile files, which are basically image files, mostly used for clip art, rarely on legitimate web pages.

Thanks for that. I'm researching it now....

41 posted on 01/02/2006 4:21:55 PM PST by Decepticon (The sheep pretend the wolf will never come, but the sheepdog lives for that day (NRA)
[ Post Reply | Private Reply | To 30 | View Replies]

To: Decepticon; Swordmaker
quit downloading porn

Sounds like a great Law Enforcement tool.

Insert the virus in some kiddie pork and get it circulating.

Then after a few months you can start picking up the perverts as the virus reports back the location of the infected machines.

42 posted on 01/02/2006 4:22:03 PM PST by Pontiac (Ignorance of the law is no excuse, ignorance of your rights can be fatal.)
[ Post Reply | Private Reply | To 16 | View Replies]

To: LEPEN
People need to switch over to Mac.

"Virus attacks every Mac ever made, hundreds affected."

43 posted on 01/02/2006 4:23:16 PM PST by TC Rider (The United States Constitution © 1791. All Rights Reserved.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: oceanview
what's the bug? does it only affect web images loaded into Internet Explorer, or is any browser vulnerable?

MSIE users may be infected automatically. Firefox, Mozilla and Opera users will be prompted for action (open with application, save to hard drive).


F-Secure:

"In our tests (under XP SP2) older versions of Firefox (1.0.4) defaulted to open WMF files with "Windows Picture and Fax Viewer", which is vulnerable. Newer versions (1.5) defaulted to open them with Windows Media Player, which is not vulnerable...but then again, Windows Media Player is not able to show WMF files at all so this might be a bug in Firefox. Opera 8.51 defaults to open WMF files with "Windows Picture and Fax Viewer" too. However, all versions of Firefox and Opera prompt the user first."


I've tested Firefox 1.5 and Mozilla 1.7.12. With both browsers, the above is the case. In my case, Paint Shop Pro is registered to handle WMF files. When encountering a WMF file (which I created myself) embedded in an HTML file (I tried both the IMG and EMBED tags), these browsers prompted for action.

Opera 8.5 displayed the IMG tag WMF file as an empty box with the word "Image" inside. The EMBED tag WMF file was displayed as an empty box with the words "Plug-in content" inside.

44 posted on 01/02/2006 4:23:45 PM PST by holymoly ("A lot" is TWO words.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Swordmaker

LOL
susie


45 posted on 01/02/2006 4:25:08 PM PST by brytlea (I'm not a conspiracy theorist....really.)
[ Post Reply | Private Reply | To 34 | View Replies]

To: LEPEN
People need to switch over to Mac.

Yep...and then Macs will be the target.

I just love these Mac folks who think that the answer to all ills is a Mac.

Get a clue.

46 posted on 01/02/2006 4:26:05 PM PST by Recovering Hermit (Guess what? I got a fever! And the only prescription...is more cowbell!)
[ Post Reply | Private Reply | To 5 | View Replies]

To: LEPEN

Nah... you can't manipulate a Mac.


47 posted on 01/02/2006 4:26:43 PM PST by RedBeaconNY (Vous parlez trop, mais vous ne dites rien.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Billthedrill
I got Windows 95 & dial-up, so a lot of what's out there doesn't affect me (not everything I know, but most of it). I got a good system at work, so I don't need to waste the money at home...

Also, I only go to a few good sites like this one.

48 posted on 01/02/2006 4:26:47 PM PST by LiveFreeOrDie2001 (Fellow FReepers... Get busy, make more Conservatives !)
[ Post Reply | Private Reply | To 40 | View Replies]

.


49 posted on 01/02/2006 4:26:52 PM PST by firewalk
[ Post Reply | Private Reply | To 1 | View Replies]

To: TC Rider
"Virus attacks every Mac ever made, hundreds affected."

Cute. Here, let me re-state it correctly for you:

"No Viruses attack every OSX Mac ever made, 20,000,000 not infected!"

50 posted on 01/02/2006 4:28:15 PM PST by Swordmaker (Beware of Geeks bearing GIFs.)
[ Post Reply | Private Reply | To 43 | View Replies]

