Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Windows PCs face ‘huge’ virus threat
Financial Times via Drudge ^ | January 2 2006 18:18 | By Kevin Allison in San Francisco

Posted on 01/02/2006 3:54:03 PM PST by Swordmaker

Computer security experts were grappling with the threat of a newweakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses.

The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers.

“The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.”

The flaw, which allows hackers to infect computers using programs maliciously inserted into seemingly innocuous image files, was first discovered last week. But the potential for damaging attacks increased dramatically at the weekend after a group of computer hackers published the source code they used to exploit it. Unlike most attacks, which require victims to download or execute a suspect file, the new vulnerability makes it possible for users to infect their computers with spyware or a virus simply by viewing a web page, e-mail or instant message that contains a contaminated image.

“We haven’t seen anything that bad yet, but multiple individuals and groups are exploiting this vulnerability,” Mr Hyppönen said. He said that every Windows system shipped since 1990 contained the flaw.

Microsoft said in a security bulletin on its website that it was aware that the vulnerability was being actively exploited. But by early yesterday, it had not yet released an official patch to correct the flaw. “We are working closely with our antivirus partners and aiding law enforcement in its investigation,” the company said. In the meantime, Microsoft said it was urging customers to be careful opening e-mail or following web links from untrusted sources.

Meanwhile, some security experts were urging system administrators to take the unusual step of installing an unofficial patch created at the weekend by Ilfak Guilfanov, a Russian computer programmer.

Concerns remain that without an official patch, many corporate information technology systems could remain vulnerable as employees trickle back to work after the holiday weekend.

“We’ve received many e-mails from people saying that no one in a corporate environment will find using an unofficial patch acceptable,” wrote Tom Liston, a researcher at the Internet Storm Center, an antivirus research group. Both ISC and F-Secure have endorsed the unofficial fix.

Microsoft routinely identifies or receives reports of security weaknesses but most such vulnerabilities are limited to a particular version of the Windows operating system or other piece of Microsoft software. In recent weeks, the company has been touting its progress in combating security threats.

The company could not be reached on Monday for comment.


TOPICS: Extended News; Technical
KEYWORDS: backdoor; exploit; getamac; internetexploiter; lookoutexpress; lowqualitycrap; malware; microsoft; patch; security; securityflaw; spyware; trojam; trojan; userfriendly; virus; virusbait; viruses; vulnerability; windows; wmf; worm
Navigation: use the links below to view more comments.
first 1-2021-4041-6061-80 ... 201-205 next last

1 posted on 01/02/2006 3:54:05 PM PST by Swordmaker
[ Post Reply | Private Reply | View Replies]

To: backhoe

ping.


2 posted on 01/02/2006 3:55:08 PM PST by Jet Jaguar
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

Every version of Windows released since 1990 is affected.

The internet is going to be a might plain looking place without any graphics...


3 posted on 01/02/2006 3:55:11 PM PST by Swordmaker (Beware of Geeks bearing GIFs.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

In other news, water is wet, the sky is blue, and women are hard to understand sometimes.


4 posted on 01/02/2006 3:57:06 PM PST by mysterio
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

People need to switch over to Mac.


5 posted on 01/02/2006 3:57:27 PM PST by LEPEN
[ Post Reply | Private Reply | To 3 | View Replies]

To: Swordmaker

Reminds me one more time why I love my Mac!


6 posted on 01/02/2006 3:57:42 PM PST by Laserman
[ Post Reply | Private Reply | To 3 | View Replies]

To: Swordmaker
Get Root!
7 posted on 01/02/2006 3:58:36 PM PST by Uri’el-2012 (Trust in the YHvH for ever, for the LORD, YHvH is the Rock eternal. (Isaiah 26:4))
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

Wanted to ask anyone if turning off pictures from laoding in IE helps getting infected.


8 posted on 01/02/2006 3:58:51 PM PST by Baraonda (Demographic is destiny. Don't hire 3rd world illegal aliens nor support businesses that hire them.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Swordmaker
Go to this Gibson Research page and follow the instructions:

Windows WMF Vulnerability News & Updates

Steve Gibson is trustworthy.

9 posted on 01/02/2006 3:59:06 PM PST by snarks_when_bored
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

what's the bug? does it only affect web images loaded into Internet Explorer, or is any browser vulnerable?


10 posted on 01/02/2006 3:59:30 PM PST by oceanview
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

As noted on earlier threads, there is a temporary fix at:

http://www.grc.com/sn/notes-020.htm

Bookmark the page, so you can restore this function after Microsoft issues the patch. Gibson is reliable, and explains how to temporarily disable this function and re-enable it after the fix comes out.


11 posted on 01/02/2006 4:00:00 PM PST by Cicero (Marcus Tullius)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Baraonda

helps getting infected = helps from getting infected.


12 posted on 01/02/2006 4:00:01 PM PST by Baraonda (Demographic is destiny. Don't hire 3rd world illegal aliens nor support businesses that hire them.)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Swordmaker
Good advertisement for F-secure...


13 posted on 01/02/2006 4:00:19 PM PST by darkwing104 (Let's get dangerous)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

Every version might be affected, but processors that support Data Execution Prevention aren't affected. AMD and Intel users with hardware DEP can turn it on and forget about it.


14 posted on 01/02/2006 4:00:19 PM PST by cabojoe
[ Post Reply | Private Reply | To 3 | View Replies]

To: oceanview
what's the bug? does it only affect web images loaded into Internet Explorer, or is any browser vulnerable?

Apparently any application that uses the Windows dispay graphic DLLs is vulnerable.

15 posted on 01/02/2006 4:00:54 PM PST by Swordmaker (Beware of Geeks bearing GIFs.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Swordmaker
The flaw, which allows hackers to infect computers using programs maliciously inserted into seemingly innocuous image files, was first discovered last week.

Errr, I thought the flaw was in .wmv files, quit downloading porn and music files until the patch comes out.....problem solved.

16 posted on 01/02/2006 4:01:40 PM PST by Decepticon (The sheep pretend the wolf will never come, but the sheepdog lives for that day (NRA)
[ Post Reply | Private Reply | To 1 | View Replies]

To: oceanview

Any browser, any image viewer amd email program is vulnerable. Windows Explorer browser is vulnerable.


17 posted on 01/02/2006 4:01:53 PM PST by Baraonda (Demographic is destiny. Don't hire 3rd world illegal aliens nor support businesses that hire them.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: LEPEN

The only reason MACs don't have viruses is that nobody targets them.

Software is software. If someone wanted to exploit the MACOS, they could.


18 posted on 01/02/2006 4:02:43 PM PST by Paloma_55 (Which part of "Common Sense" do you not understand???)
[ Post Reply | Private Reply | To 5 | View Replies]

To: Cicero

Please put a caveat that there are currently no fixes for Windows 98, 98 SE and ME.


19 posted on 01/02/2006 4:03:10 PM PST by Baraonda (Demographic is destiny. Don't hire 3rd world illegal aliens nor support businesses that hire them.)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Swordmaker

Steve is grinning from ear to ear over this.
20 posted on 01/02/2006 4:04:19 PM PST by Andy from Beaverton (I only vote Republican to stop the Democrats)
[ Post Reply | Private Reply | To 1 | View Replies]


Navigation: use the links below to view more comments.
first 1-2021-4041-6061-80 ... 201-205 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson