Alpha Posted January 4, 2006 Share Posted January 4, 2006 By Kevin Allison in San FranciscoPublished: January 2 2006 18:18 | Last updated: January 3 2006 12:01 Computer security experts were grappling with the threat of a new weakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses. The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers. “The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.” The flaw, which allows hackers to infect computers using programs maliciously inserted into seemingly innocuous image files, was first discovered last week. But the potential for damaging attacks increased dramatically at the weekend after a group of computer hackers published the source code they used to exploit it. Unlike most attacks, which require victims to download or execute a suspect file, the new vulnerability makes it possible for users to infect their computers with spyware or a virus simply by viewing a web page, e-mail or instant message that contains a contaminated image. “We haven’t seen anything that bad yet, but multiple individuals and groups are exploiting this vulnerability,” Mr Hyppönen said. He said that every Windows system shipped since 1990 contained the flaw. Microsoft said in a security bulletin on its website that it was aware that the vulnerability was being actively exploited. However an official patch to correct the flaw was not expected to be released until January 10. In the meantime, Microsoft said it was urging customers to be careful opening e-mail or following web links from untrusted sources, and provided instructions for a “workaround” that would reduce the likelihood of attacks. Meanwhile, some security experts were urging system administrators to take the unusual step of installing an unofficial patch created at the weekend by Ilfak Guilfanov, a Russian computer programmer. Concerns remain that without an official patch, many corporate information technology systems could remain vulnerable as employees trickle back to work after the holiday weekend. “We’ve received many e-mails from people saying that no one in a corporate environment will find using an unofficial patch acceptable,” wrote Tom Liston, a researcher at the Internet Storm Center, an antivirus research group. Both ISC and F-Secure have endorsed the unofficial fix. In its security bulletin, Microsoft made a general recommendation against unofficial patches, saying it was “best practice to utilise security updates for software vulnerabilities from the original vendor of the software”. Microsoft routinely identifies or receives reports of security weaknesses but most such vulnerabilities are limited to a particular version of the Windows operating system or other piece of Microsoft software. In recent weeks, the company has been touting its progress in combating security threats. The company could not be reached on Monday for comment.Source: http://news.ft.com/cms/s/0d644d5e-7bb3-11d...00779e2340.html ......This is just terrible, what is wrong with Microsoft? They're making us a bunch of paranoid freaks. January 10th is a long way's away. This gives virus makers plenty of time to make the ultimate intrusion into all our computers. However, it also gives Linux a good chance to come back on top. I've noticed many library's are now switched to Red Hat Linux or other Linux software. Only time will tell. Link to comment Share on other sites More sharing options...
Samor Posted January 4, 2006 Share Posted January 4, 2006 By Kevin Allison in San FranciscoPublished: January 2 2006 18:18 | Last updated: January 3 2006 12:01 Computer security experts were grappling with the threat of a new weakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses. The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers. “The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.” The flaw, which allows hackers to infect computers using programs maliciously inserted into seemingly innocuous image files, was first discovered last week. But the potential for damaging attacks increased dramatically at the weekend after a group of computer hackers published the source code they used to exploit it. Unlike most attacks, which require victims to download or execute a suspect file, the new vulnerability makes it possible for users to infect their computers with spyware or a virus simply by viewing a web page, e-mail or instant message that contains a contaminated image. “We haven’t seen anything that bad yet, but multiple individuals and groups are exploiting this vulnerability,” Mr Hyppönen said. He said that every Windows system shipped since 1990 contained the flaw. Microsoft said in a security bulletin on its website that it was aware that the vulnerability was being actively exploited. However an official patch to correct the flaw was not expected to be released until January 10. In the meantime, Microsoft said it was urging customers to be careful opening e-mail or following web links from untrusted sources, and provided instructions for a “workaround” that would reduce the likelihood of attacks. Meanwhile, some security experts were urging system administrators to take the unusual step of installing an unofficial patch created at the weekend by Ilfak Guilfanov, a Russian computer programmer. Concerns remain that without an official patch, many corporate information technology systems could remain vulnerable as employees trickle back to work after the holiday weekend. “We’ve received many e-mails from people saying that no one in a corporate environment will find using an unofficial patch acceptable,” wrote Tom Liston, a researcher at the Internet Storm Center, an antivirus research group. Both ISC and F-Secure have endorsed the unofficial fix. In its security bulletin, Microsoft made a general recommendation against unofficial patches, saying it was “best practice to utilise security updates for software vulnerabilities from the original vendor of the software”. Microsoft routinely identifies or receives reports of security weaknesses but most such vulnerabilities are limited to a particular version of the Windows operating system or other piece of Microsoft software. In recent weeks, the company has been touting its progress in combating security threats. The company could not be reached on Monday for comment.Source: http://news.ft.com/cms/s/0d644d5e-7bb3-11d...00779e2340.html ......This is just terrible, what is wrong with Microsoft? They're making us a bunch of paranoid freaks. January 10th is a long way's away. This gives virus makers plenty of time to make the ultimate intrusion into all our computers. However, it also gives Linux a good chance to come back on top. I've noticed many library's are now switched to Red Hat Linux or other Linux software. Only time will tell.<{POST_SNAPBACK}> linux back on top...unlikely;1) linux is still seriously lacking on user-friendliness (pointing someone to read a HOWTO is NOT user-friendly)2) MS has to screw up more than that to make a lot people leave it.3) Mac's would have a bigger chance oh, HNY Gamecop :) Link to comment Share on other sites More sharing options...
Agozer Posted January 4, 2006 Share Posted January 4, 2006 Yeah, this has been all over our local press. Microsoft Microsoft, why are you giving us such headaches? Link to comment Share on other sites More sharing options...
ken_cinder Posted January 5, 2006 Share Posted January 5, 2006 A little tip for anyone who suspects an intrustion of any type that zombie's your PC. (Trojan etc) If you suspect an intrusion, but theres currently no way of scanning for it (No AV db entry for it yet etc......) Theres a simple way to tell that something isn't right. First off, check your running processes. If you see something that wasn't there and you're pretty sure it really doesn't belong.......kill it. Even if you kill a system critical process (btw Windows won't allow this anyway, you're denied access to kill a critical process even as an Admin) the worst that will happen is you restart your machine......whuppee. Secondly:Close all processes that make use of a network connection (Local AND remote and this includes web browsers, just because nothing is loading doesn't mean theres no open connection!) and open a command prompt and run "NETSTAT" (Without the quotes). If you have nothing running that makes active use of your connection(s) you won't get any results back except for 1 or 2 localhost entries (Loopback, ignore entirely). Possibly the only thing would be your clock synchronizing with a time server at that time, or other windows processes doing similar tasks. 2 critical things to look for in NETSTAT are foreign addresses marked with "FTP" and "HTTP". If you've got nothing running, and you see a foreign address tagged with either (Especially FTP) you could have a problem.Alot of trojans tend to install an FTP server in the background that goes unnoticed.Again, with the clock syncronizing thing, an HTTP entry could be related to this........but when in doubt, do a DNS lookup on the entry. As for dealing with a suspected intrusion, you can always block an address with a firewall, or if you can locate the process responsible, you can get rid of it (In safe mode or booting from a DOS disk) Link to comment Share on other sites More sharing options...
Weirdy Posted January 5, 2006 Share Posted January 5, 2006 (edited) in case you guys didn't know to disable the windows fax and picture viewer (which will disable thumbnails too), enter the following in "run" or on the command line regsvr32 -u shimgw.dll ...I think then just reboot after that, to view your images, just look for 3rd party software, or use a web browser Edited January 5, 2006 by Weirdy Link to comment Share on other sites More sharing options...
Shibathedog Posted January 5, 2006 Share Posted January 5, 2006 I think this whole windows/linux/virus thing is ironic, because wouldnt you think linux would have more viruses...it being open source and everything? ha, but thats not the case Link to comment Share on other sites More sharing options...
Samor Posted January 5, 2006 Share Posted January 5, 2006 I think this whole windows/linux/virus thing is ironic, because wouldnt you think linux would have more viruses...it being open source and everything? ha, but thats not the case<{POST_SNAPBACK}> that's because no one cares about it Link to comment Share on other sites More sharing options...
Elazul Yagami Posted January 5, 2006 Share Posted January 5, 2006 I think this whole windows/linux/virus thing is ironic, because wouldnt you think linux would have more viruses...it being open source and everything? ha, but thats not the case<{POST_SNAPBACK}> that's because no one cares about it <{POST_SNAPBACK}> no that;s because to infect it, you'd hafta actually MOUNT the virus yourself. Link to comment Share on other sites More sharing options...
Weirdy Posted January 5, 2006 Share Posted January 5, 2006 (edited) the patch (thanks to Tigerj for the info) now, just go to "run" or the command line and enter regsvr32 shimgvw.dll Edited January 5, 2006 by Weirdy Link to comment Share on other sites More sharing options...
Elazul Yagami Posted January 5, 2006 Share Posted January 5, 2006 i already did that command, but why do it? Link to comment Share on other sites More sharing options...
Weirdy Posted January 6, 2006 Share Posted January 6, 2006 (edited) i already did that command, but why do it?<{POST_SNAPBACK}>I said earlier to do regsvr32 -u shimgvw.dll to disable the windows picture and fax viewer and thumbnails that would trigger the exploit but since there is now a patch, you can enable it with regsvr32 shimgvw.dll Edited January 6, 2006 by Weirdy Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now