Windows Meta File (WMF) Vulnerability


eletido
December 30th, 2005, 05:42 PM
Here is a snippet from my blog. Full post can be found at http://jonhoman.wordpress.com


Oh, and an aside for Windows users. Watch out for the new vulnerability in Windows XP, and possibly older versions as well. An error in the way Microsoft renders Windows Meta Files (WMF) can allow attackers to gain access to your computer and install various software. There is a partial fix floating around the internet right now, but that is said to fix only a part of the problem. Be careful viewing any pictures until Microsoft issues a patch; it is as simple as viewing a webpage to get infected.

Links for those who want to know more:

http://isc.sans.org/diary.php

http://secunia.com/advisories/18255/

http://www.kb.cert.org/vuls/id/181038

http://www.microsoft.com/technet/security/Bulletin/MS05-053.mspx

http://news.bbc.co.uk/1/hi/technology/4566504.stm

noobman
December 30th, 2005, 08:33 PM
Good to know.... but to tell you the truth I can't remember the last time I've seen a WMF file.

eletido
December 30th, 2005, 11:05 PM
Good to know.... but to tell you the truth I can't remember the last time I've seen a WMF file.

The vulnerability isn't just related to WMF files. People can rename the file to a different extension, say .jpg. But Windows looks in the header of the file, which is unchanged, to see how to run the file.
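As an added defensive example (not from this post or from any of the linked tools), a small Python check that, like the Windows renderer, trusts the header rather than the extension, so a file named ".jpg" whose bytes are really a WMF gets flagged. The header layouts are the placeable WMF key and the standard META_HEADER from the WMF format; the sample files are constructed here.

```python
import struct

# Magic bytes that identify the real file type regardless of extension.
PLACEABLE_WMF_KEY = b"\xd7\xcd\xc6\x9a"   # 0x9AC6CDD7 stored little-endian
JPEG_SOI = b"\xff\xd8\xff"                # JPEG start-of-image marker


def is_wmf(data: bytes) -> bool:
    """Return True if the bytes start with a WMF header (placeable or standard)."""
    if data[:4] == PLACEABLE_WMF_KEY:
        return True
    if len(data) < 18:                    # standard META_HEADER is 18 bytes
        return False
    # Standard META_HEADER: Type (1 = memory, 2 = disk), HeaderSize (always 9
    # words), Version (0x0100 or 0x0300). All fields are little-endian 16-bit.
    meta_type, header_size, version = struct.unpack("<HHH", data[:6])
    return meta_type in (1, 2) and header_size == 9 and version in (0x0100, 0x0300)


def sniff(data: bytes) -> str:
    """Classify a file by its header, the way a renderer would."""
    if is_wmf(data):
        return "wmf"
    if data[:3] == JPEG_SOI:
        return "jpeg"
    return "unknown"


def extension_mismatch(filename: str, data: bytes) -> bool:
    """True when the extension claims an image type that the header contradicts."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = {"jpg": "jpeg", "jpeg": "jpeg", "wmf": "wmf"}.get(ext)
    return claimed is not None and sniff(data) != claimed


# Constructed samples: a minimal standard WMF header (Type=2, HeaderSize=9,
# Version=0x0300, remaining fields zeroed) and a minimal JPEG/JFIF prefix.
SAMPLE_WMF = struct.pack("<HHHHHHIH", 2, 9, 0x0300, 0, 0, 0, 0, 0)
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 8

if __name__ == "__main__":
    for name, blob in (("FUNNY.jpg", SAMPLE_WMF), ("photo.jpg", SAMPLE_JPEG)):
        print(name, "->", sniff(blob), "MISMATCH" if extension_mismatch(name, blob) else "ok")
```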

eletido
January 1st, 2006, 11:28 PM
Update on the situation:



Quite a lot has happened since I last posted about the security issue, and I am still trying to read up on everything that has happened. The situation has gotten worse, much worse. We are seeing very fast mutation of the attacks, with a “second generation” attack coming out one day after the first. Read on for more info.

The brief rundown: Early December 31, a patch was issued by Ilfak Guilfanov that will temporarily fix the situation. Normally, I wouldn’t suggest installing 3rd-party patches to the operating system. But all the security experts that I have read are saying that this is a must right now. For more information on the patch, look to http://www.hexblog.com/2005/12/wmf_vuln.htm, http://www.grc.com/sn/notes-020.htm, http://www.f-secure.com/weblog/archives/archive-122005.html#00000756.

Especially look at the F-Secure link, they have a concise set of steps to take to secure your computer at the present time.

Next on the timeline, later on the 31st, the first WMF exploit worm was found.
“It was only a matter of time, the first IM-Worm exploiting the wmf vulnerability has been spotted.

We have received multiple reports from the Netherlands about an IM-Worm which spreads via MSN using a link to “http://[snip]/xmas-2006 FUNNY.jpg”.”
-Viruslist.com Weblog, full post at: http://www.viruslist.com/en/weblog?discuss=176892530&return=1.

This so far seemed to be an isolated event, with only about 1000 infections.

On the 1st, an email-based attack of this exploit was found. Details can be found here: http://www.f-secure.com/weblog/archives/archive-012006.html#00000759. Be wary of emails with subjects like “Happy New Year” that contain an image attachment of “HappyNewYear.jpg”.

That is a brief recap, follow the links posted above for a detailed explanation of the problem. If you are stuck using a Windows machine, please be very careful browsing the web, checking email, and using IM clients. The problem is very bad: even visiting the wrong website will infect your computer. I would highly suggest installing the 3rd-party patch for this problem and uninstalling it when Microsoft finally releases an official one.

These are the times when I am glad to be using a Linux box.

*UPDATE*

I forgot a pretty important link on the situation. Ilfak Guilfanov has also come up with a program that checks if you are vulnerable. It only checks one variant of the problem right now, but it is still better than nothing. I would highly suggest running this application as well. It can be found here: http://www.hexblog.com/2006/01/wmf_vulnerability_checker.html