http://money.cnn.com/2006/01/03/tec...dex.htm?cnn=yes


Quote:
NEW YORK (CNNMoney.com) - The new year is off to a rocky start at Microsoft, where security experts are scrambling to confront a potentially massive virus threat to Windows PCs.

According to a report Tuesday in the Financial Times, the latest vulnerability involves a flaw which allows hackers to infect computers using programs inserted into image files. The threat was discovered last week. But it mushroomed over the weekend, when a group of hackers published the source code they used to exploit the flaw.

What makes this threat particularly vicious, according to the Times, is that unwitting victims can infect their computers simply by viewing a web page, e-mail, or instant message that includes a contaminated image. That differs from most virus attacks, which require a user to actually download an infected file.

"The potential [security threat] is huge," Mikko Hypponen, chief research officer at F-Secure, an antivirus company, told the Times. "It's probably bigger than for any other vulnerability we've seen.

"Any version of Windows is vulnerable right now," said Mr. Hypponen, including every Windows system shipped since 1990.

Microsoft said a security patch would be available for the problem on Tuesday, January 10 after it has passed rigorous testing procedures.

Because of the severity of the threat, the SANS Institute, a computer security group, has released a patch for the vulnerability until Microsoft's fix is available next week. It is available here.
Apparently, there's an unofficial patch released.
http://www.nbr.co.nz/home/column_ar...name=Technology

Wooo... that sounds nasty. Any clue as to if the images are circulating around the net yet?

Oh, btw, your links didn't work :?

Lol,

cant wait to get my next set of spam, thankfully I use mac for my email for this exact reason!

Phew.

D

D, Macs are just as vulnerable to viruses as PCs are - it's just there's little point 'the idiots' writing them just yet as the user base is so low.

Tha Mac's day will come.... :) :P :wink:

Actually Macs and Linux are not as vulnerable as Windows. There are inherent "faults" within both the design and code of Windows that makes it more susceptible.

This coupled with the fact that Mac/Linux users tend to me better educated that Windows users - how many XP users log in as administrator to do their day-to-day work? I'll tell you - lots!

This coupled with the fact that Mac/Linux users tend to me better educated

:oops: ;)

Clearly Mac users are not as well educated as Linux users - but you can't have anything!

Security Report: Windows vs Linux (http://www.theregister.co.uk/security/security_report_windows_vs_linux/)

I dont think better educated is quite the right term, maybe "have more indepth knowledge of computers" may be better.
I have had a small play with linux in the past for about a year or so, (red hat 6.2 so quite a bit ago) and it has quite a few good points, but due to lack of time to learn it thoroughly, my linux box ended up as a router for ages.
I think if more people used Linux, then there would be more people looking for exploitung linux, and therefore more "nasties" would be seen, likewise with a Mac.
how many XP users log in as administrator to do their day-to-day work? I'll tell you - lots!
I'll second that

the problem is when u view the image without clicking or downloading it ,the virus will enter your computer and the link i am not sure is it working but wish in the mean time wish all of us would not contract the virus ! now i have warn u guys must be alert and not to visit all those werid website and no shooting duck for ipod !!!! :lol:

Arthur, where are you gettting this info? the above 2 links dont work, the only RECENT threats are regarding WMF's and windows has patches for these.

Arthur, where are you gettting this info? the above 2 links dont work, the only RECENT threats are regarding WMF's and windows has patches for these.
Patches aren't expected until 10th Jan.

Info here:-

http://www.kb.cert.org/vuls/id/181038

and an FAQ here:-

http://handlers.dshield.org/jullrich/wmffaq.html

Many thanks for that, I did a quick google but didnt come up with anything as new as that, when I said in my precious post there were patches , I was refering to KB896424 and associated patches which are of course pretty old.
Have you installed the unoficial hotfix on anything? if so any problems? If you hear of anything further regarding this issue, a post here or PM would be brilliant.

Thanks again

CALV

Many thanks for that, I did a quick google but didnt come up with anything as new as that, when I said in my precious post there were patches , I was refering to KB896424 and associated patches which are of course pretty old.
Have you installed the unoficial hotfix on anything? if so any problems? If you hear of anything further regarding this issue, a post here or PM would be brilliant.

Thanks again

CALV
ok ! i will keep u guys updated ! and Microsoft said a security patch would be available for the problem on Tuesday, January 10 after it has passed rigorous testing procedures.

ok ! i will keep u guys updated ! and Microsoft said a security patch would be available for the problem on Tuesday, January 10 after it has passed rigorous testing procedures.
Are you sure Microsoft said that?

ok ! i will keep u guys updated ! and Microsoft said a security patch would be available for the problem on Tuesday, January 10 after it has passed rigorous testing procedures.
Are you sure Microsoft said that?
it stated here
:( http://money.cnn.com/2006/01/03/tec...dex.htm?cnn=yes

I get a 404 for that link

Seems like the M$ update is out already, or at least I just got it for Win2K.

Xp as well, one of mine picked i t up as an automatic update, for those interested its kb912919

CALV

Xp as well, one of mine picked i t up as an automatic update, for those interested its kb912919

CALV
hmmmmm 1 less virus to worry about now :lol: