New IM Worm Exploiting WMF Vulnerability
An anonymous reader writes "Less than four days after the original mailing list posting, there are reports about a new Instant Messaging worm exploiting the unpatched Windows Metafile vulnerability. This worm is using MSN to spread, reports Viruslist.com."
How do I avoid it? Fixes? (Score:4, Insightful)
Re:How do I avoid it? Fixes? (Score:2, Funny)
Re:How do I avoid it? Fixes? (Score:5, Funny)
Fixed
Re:How do I avoid it? Fixes? (Score:5, Informative)
http://www.aota.net/forums/showthread.php?p=14305
also check out FSecure's blog:
http://www.f-secure.com/weblog/ [f-secure.com]
Re:How do I avoid it? Fixes? (Score:5, Informative)
There is now a "Windows WMF Metafile Vulnerability HotFix" available from Ilfak Guilfanov. Have a look here http://www.hexblog.com/2005/12/wmf_vuln.html [hexblog.com]
The problem - and the fix - has been discussed also at GRC.com's Security Now podcast. Check out this link http://www.grc.com/sn/notes-020.htm [grc.com]
Re: How do I avoid it? Fixes? (Score:3, Insightful)
By Tuesday we'll probably be getting e-mail trojans claiming to be a fix.
Re:How do I avoid it? Fixes? (Score:5, Informative)
Re:How do I avoid it? Fixes? (Score:2, Informative)
Follow the suggested action in the Microsoft advisory linked right up there above.
Re:How do I avoid it? Fixes? (Score:4, Informative)
start->run
regsvr32 -u %windir%\system32\shimgvw.dll
http://www.microsoft.com/technet/security/advisor
Re:How do I avoid it? Fixes? (Score:5, Informative)
Re:How do I avoid it? Fixes? (Score:5, Funny)
Re:How do I avoid it? Fixes? (Score:4, Informative)
Re:How do I avoid it? Fixes? (Score:2)
Ah, Slashdot... (Score:4, Funny)
Re:Ah, Slashdot... (Score:2, Redundant)
I was going to comment on this, but I guess it would be redundant.
Re:How do I avoid it? Fixes? (Score:2)
(It did a couple of versions back, maybe that's changed now. Trillian user myself).
Re:How do I avoid it? Fixes? (Score:2)
Re:How do I avoid it? Fixes? (Score:5, Interesting)
For those who want actual advice: http://www.hexblog.com/ [hexblog.com] -- a fix which creates a hook to disable the affected code. The fix has been analyzed by Steve Gibson. [grc.com]
Re:How do I avoid it? Fixes? (Score:3, Informative)
Re:How do I avoid it? Fixes? (Score:3, Informative)
Security researcher he isn't (really), but I do respect his ability to code. At any rate, for those who don't know why that's potentially laughable, see the GRC sucks [grcsucks.com] website.
Re:How do I avoid it? Fixes? (Score:3, Insightful)
Straw Man, Mod Parent Down (Score:3, Insightful)
Re:How do I avoid it? Fixes? (Score:2, Insightful)
Re:How do I avoid it? Fixes? (Score:2)
Re:How do I avoid it? Fixes? (Score:5, Insightful)
Explain to me, then, why IIS is less widely-deployed than Apache, but IIS has significantly more worms.
Re:How do I avoid it? Fixes? (Score:5, Insightful)
Pure speculation. There is absolutely no reason to believe that market share is the cause of low security. Shitty programmers with little or no Q/A, and a huge festering codebase which is continually patched together with duck tape to keep it going, along with a refusal to force 3rd party vendors to release software which runs properly (IE doesn't require local admin to run) causes security holes. For example, TOAD, some sql development software for Oracle, requires, REQUIRES, full write privileges to the directory it is installed in, or it refuses to run. This is mainstream software, and is used probably by millions of developers. But it still places fucking ini files in the install directory.
Don't blame Windows lack of security, it's more its market share, transparency between versions to blame and the lack of brains on the end user's parts.
Why would an end user suspect that opening a picture file could cause a virus to be installed on to their computer? Windows doesn't have *bad* security, Windows has no security. In order to have a useable system you MUST run Windows as local administrator. Thus every program you run has the power to format your hard drive if it likes. Every process which is run and has a flaw has the potential to fuck your computer up.
Transparency between versions? How does that cause poor security? Shouldn't the fact that MS recycles about 90% of their code between releases give them a lot more resources to track down those HUGE, GAPING holes in their OS?
FOR CHRISTS SAKE! Windows can be infected by a virus just by having certain things displayed on the screen! What an insane piece of shit it must be.
Re:How do I avoid it? Fixes? (Score:3, Informative)
That right there is Microsoft's solution. Absolutely breathtaking....
Re:How do I avoid it? Fixes? (Score:4, Insightful)
This is the cause for a simple reason: Imagine you're a programmer making an app that runs properly as a less-privileged user. You do a little developing. You log out. You log back in as a less-privileged user. You test the app, using printf as the main debugging tool. You log out. You log back in. You restart the IDE and get everything back like it was. You do a little developing. And so forth. It's a waking nightmare of the type formerly encountered only in H.P. Lovecraft stories.
Microsoft's tools punish you for trying to do the right thing, because they want bad software so the customers expect to be on an upgrade treadmill.
*The original total rewrite of the C-language tools, the Java toolset, and the CLR toolset.
Indeed. If only Bill Gates had put sane people like Dave Cutler (NT kernel chief architect) in charge of every major project, instead of whoring out the codebase in a mad dash to squash Netscape and Sun. It's one thing for a tiny company barely staying afloat to cut standards, and entirely another for a rich company with billion dollar piles of cash lying about. The former is understandable, the latter is recklessness bordering on malice.
Re:How do I avoid it? Fixes? (Score:3, Interesting)
A bunch of automated tests for one piece of software will prevent bugs which affect *functionality*. They cannot find bugs|vulnerabilities which are the result of poor design.
And as for MS making good software, Windows does not even come with a plain text editor which can handle UNIX line termination! Notepad shits all over it, and Wordpad is NOT a reasonable editor to edit source or shell script code. EVERY OTHER text e
Re:How do I avoid it? Fixes? (Score:3, Insightful)
Let's see... How about forcing you to run even much of microsoft's own software as local admin in order to get it to work?
How about running active X code with the same privileges as the current user? Hundreds of exploits have depended on this... clearly bad design.
Instead of closing these ongoing and massive security holes, they have now released anti-spyware as a solution. So MS's idea of security is to have a daemon which can recognize and kill any known thr
Re:How do I avoid it? Fixes? (Score:3, Funny)
Happy New Year! (Score:4, Funny)
Re:Happy New Year! (Score:2)
temporary fixes (Score:5, Informative)
http://isc.sans.org/diary.php?rss&storyid=996 [sans.org]
http://www.f-secure.com/weblog/#00000760 [f-secure.com]
http://www.grc.com/sn/notes-020.htm [grc.com]
be aware the runnable patch is completely unofficial, the only action Microsoft suggests is unregistering a vulnerable dll which only mitigates the most common method of exploitation while not fixing the underlying problem.
NFI how long it will take Microsoft to have an official patch out, but from the sans site, it doesn't look promising that it will appear soon.
Comment removed (Score:4, Interesting)
Do. This. Now. (Score:5, Informative)
All the necessary information and explanation (plus q/a) is here. This is the only hope at present. Good luck to everyone on Jan 2 when this thing takes over the world.
Developers, stop using ... (Score:3, Interesting)
From MS' site: [microsoft.com] 4: Block pop-up windows in your browser
My credit union requires that I allow pop-ups! I don't know how many times I've gone to legitimate websites and scratched my head for a while trying to figure out why I wasn't seeing anything - all because I'm blocking pop-ups! Firefox tells you with that little message on top of the window, but you know how it is, after a while, you don't notice it anymore.
Re:Developers, stop using ... (Score:4, Informative)
Re:Developers, stop using ... (Score:2)
Re:Developers, stop using ... (Score:2)
Pop up windows, like modal dialogues, have legitimate uses, but again like modal dialogues, they're overused.
Re:Developers, stop using ... (Score:3, Informative)
Comment removed (Score:4, Interesting)
Re:There needs to be... (Score:2)
Re:There needs to be... (Score:4, Insightful)
Re:There needs to be... (Score:4, Informative)
Re:There needs to be... (Score:3, Insightful)
Re:There needs to be... (Score:4, Insightful)
The earlier poster was correct - some people have no choice but to use MS Windows - but the answer as it has been for years is not to let their machines onto the net without adult supervision. I completely block this MS windows clone of IRC and it doesn't bother anyone - using instant messaging for business communication is a braindead idea anyway unless everyone is tied to their desks and focuses on short term tasks, and luckily I don't work in such an environment.
Re:There needs to be... (Score:3, Informative)
Having used both, I stand by my comment that they're rough around the edges. Not hard to use, perhaps, but they have a number of odd behaviors that are not intuitive to anybody who isn't familiar with them. A
Re: There needs to be... (Score:5, Insightful)
If people would aim their expectations at their software vendors rather than their computers, that problem would go away.
Re:There needs to be... (Score:3, Informative)
Re:There needs to be... (Score:4, Interesting)
Nope.
I've had conversations with regular non-techy people. They don't get it; they think that they are safe and/or don't want to think about the dangers or alternatives. Ever. It is not possible to convince them and if you point them to a technical site, they will ignore it. They must come to the decision by themselves after long years of abuse, if they drop Windows at all. That said, to my surprise, my brother in law decided to get a Mac Mini for his kids this Christmas. I gladly helped them configure it and bring over data from the old Windows box they (unfortunately) still use. I've given him that advice for about 5 years, and did not talk with him about it for the last 6 months...so whatever I've said or pointed out to him had very little to do with his decision. (My brother-N-L is a smart guy and does not ignore most other advice w/o good reasons.)
Personally, I just refuse to help them to secure the Windows-based systems they chose to use unless it is a single-function server that I can configure how I see fit. I do reinforce with them just how hard it is to use Microsoft's products in a safe manner; 'exceedingly frustrating and still I'm unconvinced that it is secure when I'm done' is a phrase I use often.
NOTE: I _DO_NOT_ subscribe to the idea that if you keep a system updated with the current patches, use a firewall, and be careful, it is safe to use. If that system is safe, it is more by luck and chance and not by your hard work. This exploit is a perfect example of how all those methods fall apart and can not be relied on.
Re:There needs to be... (Score:2)
Re:There needs to be... (Score:3, Interesting)
Re:There needs to be... (Score:4, Insightful)
We've all been trying this years ago. But just yesterday, I got my ass kicked down to troll and flamebait for daring to suggest that Linux/Open Source/OS X/BSD/Anything-but-Windows is anything but an utter turd. What hope is there to educate a public who cannot get past the idea that the internet is just AOL and Bill Gates invented the computer and a hundred other misconceptions? You're advocating college education for people who can't pass kindergarten.
From my ledge, I see it as counterproductive to call users "Joe Sixpack" and "Gramma". These are false stereotypes. Given the opportunity, anybody can learn. Nobody was born knowing Windows 20 years ago, but it caught on, didn't it? There's more "for Dummies" books where "DOS for Dummies" came from.
But yeah, I do my part to post hints 'n' tips every other day on my geek blog, but it's more directed at people who've already found Linux. I tried in a past life to do similar for Windows users, and got nowhere: it's a hole with no bottom.
Only works for so long... (Score:2)
Another GOOD reason not to run IM! (Score:4, Interesting)
To fix the security risk of IM, either you give up point to point email that it is to force it through filtering servers (sounds like email there again). The Anti-Virus programs on every machine will have to start filtering all that traffic too (wait, they are doing this for email today also!!)
--
When will people learn that NEW is not always GOOD.
Re:Another GOOD reason not to run IM! (Score:5, Insightful)
IM is potentially the most influential communication medium since email.
I have had quite a few of my customers tell me that "The simple fact that I can reach you via IM, has made your company's service better than any other partner."
IM is "instant", offers logging of communications and doesn't require somebody to check their email (it pops up on their screen). In many ways it is a better communication tool than other options: phone, email or fax. You can even use it to see if somebody is in the office yet, or out to lunch. I could go on and on...
Feel free to not use it; the rest of the modern business world won't be joining you.
Re:Another GOOD reason not to run IM! (Score:4, Insightful)
Being "instant" allows people to annoy you for any little thing. The dozen or so phone interruptions I used to get a day are now 20-30 IM interruptions.
"Logging of communications" also means you have no privacy. And if you think your boss isn't tracking you by your IM status you're kidding yourself.
Screen popups mean that you don't have to wait for the recipient to check their email/vmail but it also means that you just interrupted what they were doing. I don't know how many times I was trying to solve a problem and I got IMed by multiple people asking if I had solved the problem.
The difference between IM and previous forms of communication is that I used to have a choice.
Re:Another GOOD reason not to run IM! (Score:2)
Doesn't your IM system support Do Not Disturb as a status?
"Logging of communications" also means you have no privacy.
Bosses who log IM probably also log email, so that's a wash.
The difference between IM and previous forms of communication is that I used to have a choice.
Interesting. I've never had a choice of whether to respond quickly to questions, regardless of how they arrived.
Re:Another GOOD reason not to run IM! (Score:2)
That's what IRC is for.
Re:Another GOOD reason not to run IM! (Score:2, Insightful)
Ummm, not really. Half the peo
It's worse than that (Score:5, Insightful)
Since the first exploit came to light, H.D.Moore of the Metasploit project has reworked the original package they did. The new exploit spits out exploit WMF files [sans.org] that come:
SANS/ISC have provided excellent continued summaries of events around this. Here's their FAQ on the issue [sans.org].
This is looking truly horrible. On Tuesday morning zillions of Windows desktops will be fired up for the first time in a week or two. This thing's already in widespread use by a number of malware distribution networks for the usual reasons. As such it's a nightmare for network and system admins with Windows machines to look after (and us security people trying to provide advice & assistance for them...) But the stealth nightmare is that this is an absolute jackpot for the less visible targeted attacks, such as those emanating from China for the past couple of years (google around, Slashdot and Schneier have covered this as well as many other places.) There are also the opportunistic types who see an easy opportunity to pwn some key machines where they work, say. I will stick my neck out here and make a prediction. Virtually all organisations with Windows machines are effectively wide open to total compromise by a reasonably informed person. That means much of the IT dept as well as significant numbers of the 'interested poweruser' types, developers with a casual interest in security,.. anyone who's heard of this and is capable of finding, running and using the new exploit, basically. Of course we're all tweaking our IDSes and antivirus, locking things down as tight as possible in the 48 hours remaining, but... *shudder*
For ten years I've been waiting for Microsoft's luck to run out. This is about #3 on my list of catastrophic MS incidents. There aren't many ways things could be worse.
It will be a good time to be running Linux on a work machine, though :)
Re:It's worse than that (Score:2, Insightful)
BTW, according to testing by AV-Test of 73 variants all of the major AV packages and most of the others are detecting all of them. You're right though that there will be holes in this coverage, especially in as much as some of them are doing exploit-by-exploit coverage as opposed to a true heu
Re:It's worse than that (Score:5, Insightful)
worms are pretty easy to seal out with a firewall and are easily patched. this exploit allows all sorts of local user exploits in a corporate environment. it also so far has been able to fly through hardware and software firewalls of all shapes and sizes.
Re: It's worse than that (Score:2)
Oh, that's a relief.
Re:It's worse than that (Score:5, Informative)
I have seen in the past week our work increase 5 fold because of this exploit. What is normally a very slow time of the year for us has become very busy for us and it's making me nervous myself.
We had a few customers that bought brand new computers and laptops and are bringing them back the same day with this exploit. A quick check reveals that their Norton was up-to-date, yet this stuff still slipped in. Other customers are getting this thing left and right. Unfortunately I have not much to tell them except to keep updating all your security products daily as it's only going to get worse before it gets better. Hand them a copy of Norton and Sunbelt Counterspy and tell them good luck.
I do believe there is a bit of social engineering planned into this. Customers with year-end financials, tax season starting up, holiday credit card payments and statements coming through. Very ripe time for plucking financial and personal data. And with this being an extended holiday weekend, this exploit has a bit of time to fester and refine itself before the big trojan/virus with a major payload slips past the AV and Adware detections and onto millions of computers. What happens when someone combines this exploit with a backdoor into a major ad server network? Imagine the damage then.
I'm doing the best I can at my house against this thing, but looking at the 7+ Windows boxes I'm now worrying about updating, installing, patching and unregistering, and the 1 Apple laptop I haven't had to restart in 6 months, and I wonder if this is going to be the big one that really gives Microsoft the black eye it can't recover from.
I'm doing the best I can... (Score:4, Informative)
If you're an IT pro and you're running Windows at home, you should have your boxes imaged so you can just unhook from the net, image, apply the fix, take a new image and hook back up to the net. Seven boxen shouldn't take you more than a couple hours -- less if you use a standard image.
If you're setting this up for the first time, don't forget to redirect "My Documents" to a different partition, or better yet a server with a backup regime. Oh, yeah, and choose the "Activate Windows over the phone" option before you make your first image so you don't have to re-activate each time.
If you're an IT pro and you're not using Windows at home, take the extra hours and spend some holiday time with your friends and family. Life is short.
Can IM/RSS clients download automatically? (Score:4, Insightful)
I have seen in the past week our work increase 5 fold because of this exploit. What is normally a very slow time of the year for us has become very busy for us and it's making me nervous myself.
I know next to nothing about IM/RSS software, so I am just speculating here.
But suppose you had some IM/RSS client [MSN, AOL, Yahoo, whatever] that had an image rendering aspect to it. For example, suppose your IM/RSS client were capable of rendering the JPGs in an HTML message.
Then it seems to me that if you had such an IM/RSS client running on your desktop, and if someone knew your IM/RSS handle, then they could send you an IM/RSS message with very elementary instructions for downloading the evil file:
and you'd be hosed without ever having clicked on any link. And if the worm were really smart, it could then install "thttpd" trivial http daemons to spread itself internally on any corporate network [via each person's IM/RSS "address book"].
If that's true, and if lots of employees left their computers running and logged into windows with such "automatic" IM/RSS clients running on the desktop, then Tuesday or Wednesday morning [or whenever people decide to come back from their New Year's vacation], there could be literally MILLIONS of infected machines.
So the question: Are there IM/RSS clients that can download files automatically?
Re:It's worse than that (Score:3, Insightful)
But this is where the issue lies and why IMO viruses are of virtually no threat anymore, it's going to be all ad/spyware from here on. For instance, I finished up a cleanup of a machine yesterday. Went through it with 1 AV scanner, and 7 different AntiSpyware tools, plus had to go in by hand and do manual removals. 1 viru
why would they do this? (Score:3, Interesting)
But why would someone make a program specifically designed to make an undetectable/untraceable version of the exploit?
I can only see harm coming from this.
And I'm sorry, but "because it's there" doesn't work when you know there's only negative outcomes of what you do.
Re:why would they do this? (Score:3, Insightful)
Until Microsoft fixes the problem,
Re:"because it's there" doesn't cut it... (Score:4, Interesting)
Apparently you fail to realize this was a 0-day exploit. That is, there were people already exploiting this flaw before anyone else found out about it. Because they didn't release their source code do you feel safer by this? So your argument that the attackers aren't "awesome programmers" is completely worthless because these attackers found and wrote the original exploit code to begin with. We don't know how long this flaw may have been used in the wild before this one was found. Some "awesome programmers" could've been using this flaw years ago to break into networks. Re-read my original reply.
Now some people who happen to have analyzed that exploit figured out just exactly how serious this flaw is and what could be done with it if it's not fixed.
A simple explanation is plenty.
So you're saying that if all the attackers have is a simple explanation that they wouldn't be able to write code based upon that explanation? Yeah right. The people who wrote these sample exploits didn't even have that to begin with and look at what they've been able to come up with. The people ("attackers") who wrote the originally known exploit didn't need a simple explanation either.
So now virus scan writers and IDS maintainers, etc, now have a LOT more information for how to defend against this particular threat. A simple explanation isn't sufficient. Now scanners and IDS can use these discovered methods to improve detection and prevention of exploitation of this flaw.
Again, I just don't see why someone would need to make the most evil version of this possible and distribute the source code.
Well, I can't explain it any clearer. You're using the "security through obscurity" argument that history has shown to be insufficient for protecting our computers and networks.
Great.. (Score:3, Interesting)
regsvr32 -u %windir%\system32\shimgvw.dll
BUT according to this analysis, the real fault lies with gdi32.dll ! How the hell do you get rid of that? It's about as deeply embedded in windows as, say, glibc is in Linux distributions..
Re:Great.. (Score:2, Informative)
Pointing the finger at gdi32.dll is like running a malicious script that executes "rm -fr
What you gonna do, internet..... (Score:4, Funny)
Most importantly: THERE IS A FIX (Score:5, Informative)
http://www.hexblog.com/2005/12/wmf_vuln.html [hexblog.com]
Re:Most importantly: THERE IS A FIX (Score:2)
Re:Most importantly: THERE IS A FIX (Score:3, Informative)
Re:Most importantly: THERE IS A FIX (Score:2)
Re:Most importantly: THERE IS A FIX (Score:2)
Re:Most importantly: THERE IS A FIX (Score:4, Insightful)
Good TIMING! (Score:2)
I figure the exploiters, even if they aren't the fastest in the bunch, will have massive penetration by the time people start modifying their systems to protect themselves.
So I'm wondering if the bad guys knew about this one for a while and just waited until now to spring it, or did the Microsoft customers just get profoundly unlucky.
Steve Jobs is probably laughing away over this one.
Fearmongering (Score:4, Interesting)
Seen this on porn sites (Score:2)
lucky I'm using Linux.
Is this the exploit reported back in November? (Score:3, Interesting)
Re:Is this the exploit reported back in November? (Score:5, Informative)
VBS in WMF? WTF?! (Score:2, Informative)
Best WMF Mitigation Strategy (Score:4, Informative)
1. Microsoft has not yet released a patch. An unofficial patch was made available by Ilfak Guilfanov. http://handlers.sans.org/tliston/wmffix_hexblog13
2. You can unregister the related DLL.
3. Virus checkers provide some protection.
To unregister the DLL:
* Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.
* A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
Re:MSN? (Score:5, Informative)
Netherlands being the place where it first appeared, and being from Belgium myself, I can say that everybody here simply says 'MSN' when they mean 'MSN Messenger'.
It's more common in Europe anyway to use MSN instead of other popular IM networks used throughout the USA and other countries. IM was never popular with non-geek computer users here and when broadband internet (with a fixed price/month) arrived most teenagers (the primary group of users in Europe) all started using MSN Messenger.
Re:MSN? (Score:2)
well apart from the fact they rely on abusing their users bandwidth to support users behind firewalls yes.
Re:Macs (Score:5, Insightful)
Plus, OS X is a Unix, which means it plays nicely with other Unices, and it behaves like a Unix on the command line -- so I get all the power of pipes, vi, Bash, the BSD ports collection (a la Darwinports), gcc, and so on. On the GUI side, it behaves like a Mac -- and I think you'd be hard-pressed to fault Apple for their GUI design.
Best of both worlds; you just have to shell out a slight premium for the hardware, and given that you get a REAL OS with it, I'd say that Mac offers a better bargain for the desktop user than any Dell or Gateway.
Re:Macs (Score:2)
A real OS that won't run a large proportion of the software people want to run. It doesn't matter how good it is it's how practical it is that counts. I'd quite like an Apple myself but it can't do everything that I want my Windows box to do. Same reason that I have a Linux partition rather than a solely Linux box.
Re:Macs (Score:2)
Microsoft Word? Microsoft Excel? Powerpoint? Outlook (Entourage)? Photoshop? Quicken? Dreamweaver? Firefox? Illustrator? InDesign? GoLive? Flash, Freehand, Fireworks? Or most anything not native that will run under Virtual PC?
I just bought a Powerbook recently, and have everything covered that I had running on my Dell. So I guess I'm not sure what major software is missing that most people want to run...
Oh. You must mean
Re:Macs (Score:2)
some people like consoles and i must admit there are a few console games that i quite like but no console even comes close to the back catalogue of PC games (though admittedly a lot of those can be hard to make work on the non-dos versions of windows) and even if they did very few console games support mods or even custom maps and internet play is a pretty new feature for consoles (yet its some
Re:so... (Score:2)
http://slashdot.org/~josepha48/journal/125456
Yes a user has to click the link. The issue is that with IM people usually assume that the link is from the actual sender of the IM. So in the case of Yahoo! someone who has you on their buddy list, which is usually someone you chat often wit
Re:so... (Score:5, Informative)
Does your website have an image on it? It can be exploited that way. Does your email render html, even with scripting turned off? It can be exploited that way. A few trusted sites have been compromised with this exploit. Some seedier ad networks (with hundreds or thousands of affiliates) are using this to generate cash. There is no patch for Windows ME, 98, or 95 and there will never be as these OSes are unsupported. These systems will ALWAYS have this vulnerability.
Imagine if someone uploaded this to MySpace (http://www.alexa.com/data/details/traffic_details?q=&url=www.myspace.com/ [alexa.com]), as they allow full html formatting, embed, iframes and all kinds of crazy crap. One exploit on a popular blog will cause A LOT of damage.
Re:so... (Score:3, Interesting)
Re:Can't think with a hang-over (Score:5, Funny)
Six keystroke loggers,
Five porn diallers!
Four Exploit.WMFs,
Three Mytobs,
Two Bifrose-Ds,
And a homepage stuck on goatse.
Adding the other days and some emphasis... (Score:5, Funny)
Eleven worms-a-wriggling,
Ten Paypal phishes,
Nine ActiveX holes,
Eight Blaster variants,
Seven Sony rootkits,
Six keystroke loggers,
Five porn diallers!
Four Exploit.WMFs,
Three Mytobs,
Two Bifrose-Ds,
And a homepage stuck on goatse.
(You, ettlz, rock.)
Re:Questions re: vulnerabilty (Score:3, Informative)
Without actually knowing I'm pretty sure it'll work. The exploit can work through an image displayed on a webpage and work through a renamed image, so I don't see any reason it wouldn't work with both.
JPG, PNG, GIF etc. all have headers that should surely be checked before displaying the picture. Does IE not do this?
The mimetype the webserver gave (which will presumably be appli
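The thread notes that the exploit works through a renamed image and asks about header checks; the following content-sniffing check, of the kind a mail or web gateway could apply, compares a file's leading bytes with the type its name claims. It is an added example, not part of the thread: the function names, the verdict labels, the policy of blocking every WMF while no official patch exists, and the sample bytes are all assumptions constructed for illustration.

```python
import os
import struct

# Optional 22-byte "placeable" preamble: key 0x9AC6CDD7, stored little-endian.
PLACEABLE_MAGIC = b"\xd7\xcd\xc6\x9a"

# Leading bytes of the formats the comment mentions.
IMAGE_MAGICS = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# What a file name claims to be (assumed mapping for this example).
CLAIMED_TYPE = {
    ".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png",
    ".gif": "gif", ".wmf": "wmf",
}


def looks_like_wmf(data: bytes) -> bool:
    """Recognise a Windows Metafile by content, ignoring the file name."""
    if data.startswith(PLACEABLE_MAGIC):
        return True
    if len(data) < 18:  # a standard metafile header is 18 bytes
        return False
    # Standard header: type (1 = memory, 2 = disk), header size in
    # 16-bit words (always 9), version (0x0100 or 0x0300).
    file_type, header_words, version = struct.unpack_from("<HHH", data, 0)
    return (file_type in (1, 2) and header_words == 9
            and version in (0x0100, 0x0300))


def sniff(data: bytes) -> str:
    """Return the type the leading bytes indicate, or 'unknown'."""
    if looks_like_wmf(data):
        return "wmf"
    for name, magics in IMAGE_MAGICS.items():
        if data.startswith(magics):
            return name
    return "unknown"


def triage(filename: str, data: bytes):
    """Return (sniffed_type, verdict) for an inbound attachment or download.

    Assumed policy: 'block' any WMF content whatever it is named,
    'review' when the name claims an image type the bytes do not match,
    'allow' otherwise.
    """
    sniffed = sniff(data)
    claimed = CLAIMED_TYPE.get(os.path.splitext(filename.lower())[1])
    if sniffed == "wmf":
        return sniffed, "block"
    if claimed is not None and claimed != sniffed:
        return sniffed, "review"
    return sniffed, "allow"


# Constructed samples. The WMF one is a bare header plus an end-of-file
# record: it contains no drawing records at all.
WMF_SAMPLE = (struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0)
              + struct.pack("<IH", 3, 0))
JPEG_SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(16)
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + bytes(16)

if __name__ == "__main__":
    for name, blob in [("holiday.jpg", WMF_SAMPLE),
                       ("photo.jpg", JPEG_SAMPLE),
                       ("logo.gif", PNG_SAMPLE),
                       ("notes.txt", b"hello")]:
        print(name, triage(name, blob))
```

The standard-header test is a heuristic on three fields, so a gateway would treat a match as grounds to block or quarantine rather than as proof of a malicious file.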