Posted on 01/02/2006 5:07:56 AM PST by KeyWest
Looking forward to the week ahead, I find myself in the very peculiar position of having to say something that I don't believe has ever been said here in the Handler's diary before: "Please, trust us."
I've written more than a few diaries, and I've often been silly or said funny things, but now, I'm being as straightforward and honest as I can possibly be: the Microsoft WMF vulnerability is bad. It is very, very bad.
(Excerpt) Read more at isc.sans.org ...
Some screen shots here on this FR post.
Dulls the entire FR experience, but Safety Pup says...
I was referring to the comment in the article about the "irresponsibility" of the person(s) who wrote the virus and released it into the wild on a holiday weekend. The people writing the fix, or those of us who may have to get this fixed, know that referring to people who write viruses as irresponsible is just plain wrong. Irresponsible indicates a capacity for responsibility, and those people are defined simply by the lack of it.
Thanks for your help!
Thanks for your help! I deregistered the .dll and increased my internet security in IE to high.
If I may venture an analogy, it's like discovering that you can't lock your doors. The point isn't to dust for prints or inventory what's missing; it's to tighten up before someone strolls in.
As mentioned before, this is an exploit and not a virus. It is a backdoor way into your computer. WMF (Windows meta files) are pictures that can execute programs. This is similar to the problem of Windows Word DOC files that can execute macros or Outlook email messages that can execute scripts.
A malicious person can do all sorts of nasty things to your PC like formatting your C drive or simply using it to distribute child pornography via "zombie" bots. Most of those denial of service attacks on Google and Amazon come from compromised PCs. An enterprising individual can compromise and gain control of thousands of PCs. Imagine what you could do with a thousand PCs under your remote control.
You can access a WMF file via your browser or via an email message. There was a report of a contamination on a "trusted" website, so there is a significant risk.
Steve Gibson's website www.grc.com has a lot on exploits including this one.
As mentioned on another site, a malicious program may be able to re-register that DLL or even a normal application may re-register that DLL in regular activities. There is a lot of criticism of that "workaround".
BTW, changing IE's security higher will not stop this exploit. Turning off the viewing of images will stop it temporarily.
Thanks for the additional info. This is scary.