New IM Worm Exploiting WMF Vulnerability
An anonymous reader writes "Less than four days after the original mailing list posting, there are reports about a new Instant Messaging worm exploiting the unpatched Windows Metafile vulnerability. This worm is using MSN to spread, reports Viruslist.com."
Developers, stop using ... (Score:3, Interesting)
From MS' site: [microsoft.com] 4: Block pop-up windows in your browser
My credit union requires that I allow pop-ups! I don't know how many times I've gone to legitimate websites and scratched my head for a while trying to figure out why I wasn't seeing anything - all because I'm blocking pop-ups! Firefox tells you with that little message on top of the window, but you know how it is, after a while, you don't notice it anymore.
Another GOOD reason not to run IM! (Score:4, Interesting)
To fix the security risk of IM, either you give up point to point email that it is to force it through filtering servers (sounds like email there again). The Anti-Virus programs on every machine will have to start filtering all that traffic too (wait, they are doing this for email today also!!)
--
When will people learn that NEW is not always GOOD.
Great.. (Score:3, Interesting)
regsvr32 -u %windir%\system32\shimgvw.dll
BUT according to this analysis, the real fault lies with gdi32.dll! How the hell do you get rid of that? It's about as deeply embedded in Windows as, say, glibc is in Linux distributions.
Fearmongering (Score:4, Interesting)
Can't think with a hang-over (Score:1, Interesting)
"and on the 7th day 'after' Christmas my true-love gave to me"
Re:There needs to be... (Score:4, Interesting)
Nope.
I've had conversations with regular non-techy people. They don't get it; they think that they are safe and/or don't want to think about the dangers or alternatives. Ever. It is not possible to convince them and if you point them to a technical site, they will ignore it. They must come to the decision by themselves after long years of abuse, if they drop Windows at all. That said, to my surprise, my brother in law decided to get a Mac Mini for his kids this Christmas. I gladly helped them configure it and bring over data from the old Windows box they (unfortunately) still use. I've given him that advice for about 5 years, and did not talk with him about it for the last 6 months...so whatever I've said or pointed out to him had very little to do with his decision. (My brother-N-L is a smart guy and does not ignore most other advice w/o good reasons.)
Personally, I just refuse to help them to secure the Windows-based systems they chose to use unless it is a single-function server that I can configure how I see fit. I do reinforce with them just how hard it is to use Microsoft's products in a safe manner; 'exceedingly frustrating and still I'm unconvinced that it is secure when I'm done' is a phrase I use often.
NOTE: I _DO_NOT_ subscribe to the idea that if you keep a system updated with the current patches, use a firewall, and be careful, it is safe to use. If that system is safe, it is more by luck and chance and not by your hard work. This exploit is a perfect example of how all those methods fall apart and can not be relied on.
Re:How do I avoid it? Fixes? (Score:5, Interesting)
For those who want actual advice: http://www.hexblog.com/ [hexblog.com] -- a fix which creates a hook to disable the affected code. The fix has been analyzed by Steve Gibson. [grc.com]
Is this the exploit reported back in November? (Score:3, Interesting)
Re:There needs to be... (Score:3, Interesting)
why would they do this? (Score:3, Interesting)
But why would someone make a program specifically designed to make an undetectable/untraceable version of the exploit?
I can only see harm coming from this.
And I'm sorry, but "because it's there" doesn't work when you know there are only negative outcomes of what you do.
Re:so... (Score:3, Interesting)
Re:Yet another fine reason... (Score:2, Interesting)
Re:"because it's there" doesn't cut it... (Score:4, Interesting)
Apparently you fail to realize this was a 0-day exploit. That is, there were people already exploiting this flaw before anyone else found out about it. Because they didn't release their source code do you feel safer by this? So your argument that the attackers aren't "awesome programmers" is completely worthless because these attackers found and wrote the original exploit code to begin with. We don't know how long this flaw may have been used in the wild before this one was found. Some "awesome programmers" could've been using this flaw years ago to break into networks. Re-read my original reply.
Now some people who happen to have analyzed that exploit figured out just exactly how serious this flaw is and what could be done with it if it's not fixed.
A simple explanation is plenty.
So you're saying that if all the attackers have is a simple explanation that they wouldn't be able to write code based upon that explanation? Yeah right. The people who wrote these sample exploits didn't even have that to begin with and look at what they've been able to come up with. The people ("attackers") who wrote the originally known exploit didn't need a simple explanation either.
So now virus scan writers and IDS maintainers, etc, now have a LOT more information for how to defend against this particular threat. A simple explanation isn't sufficient. Now scanners and IDS can use these discovered methods to improve detection and prevention of exploitation of this flaw.
Again, I just don't see why someone would need to make the most evil version of this possible and distribute the source code.
Well, I can't explain it any clearer. You're using the "security through obscurity" argument that history has shown to be insufficient for protecting our computers and networks.
Re:so... (Score:2, Interesting)
Questions re: vulnerability (Score:2, Interesting)
JPG, PNG, GIF etc. all have headers that should surely be checked before displaying the picture. Does IE not do this?
In short, do I have to actively click an "Open this file" dialog on the browser?
Re:How do I avoid it? Fixes? (Score:3, Interesting)
A bunch of automated tests for one piece of software will prevent bugs which affect *functionality*. They cannot find bugs|vulnerabilities which are the result of poor design.
And as for MS making good software, Windows does not even come with a plain text editor which can handle UNIX line termination! Notepad shits all over it, and Wordpad is NOT a reasonable editor to edit source or shell script code. EVERY OTHER text editor in the world, from nano, vim, joe, emacs, the OSX text editor, even fucking DOS edit can handle Unix line termination properly.
MS's goal is to prevent interoperability with any other OS, and within their OS prevent the creation of software which can run on more than one platform. Beyond that they fail in everything.