±Recent Visitors

Recent Visitors to Com-Central!

±User Info-big


Welcome Anonymous

Nickname
Password

Membership:
Latest: cgsimpson
New Today: 0
New Yesterday: 0
Overall: 6645

People Online:
Members: 0
Visitors: 624
Total: 624
Who Is Where:
 Visitors:
01: Community Forums
02: Community Forums
03: Community Forums
04: Photo Gallery
05: Your Account
06: Downloads
07: Community Forums
08: Your Account
09: Community Forums
10: Community Forums
11: Member Screenshots
12: Downloads
13: Community Forums
14: Photo Gallery
15: Community Forums
16: Home
17: Community Forums
18: Community Forums
19: Community Forums
20: Photo Gallery
21: Community Forums
22: Community Forums
23: Photo Gallery
24: Community Forums
25: Search
26: Photo Gallery
27: Home
28: Contact
29: Photo Gallery
30: Member Screenshots
31: Community Forums
32: Community Forums
33: Member Screenshots
34: Community Forums
35: Downloads
36: Community Forums
37: Community Forums
38: Photo Gallery
39: Community Forums
40: Photo Gallery
41: Home
42: Photo Gallery
43: Community Forums
44: Photo Gallery
45: Your Account
46: Community Forums
47: Search
48: News
49: Community Forums
50: Downloads
51: Community Forums
52: CPGlang
53: Home
54: Statistics
55: Community Forums
56: Your Account
57: Community Forums
58: Photo Gallery
59: Home
60: Community Forums
61: Community Forums
62: Photo Gallery
63: Home
64: Community Forums
65: Photo Gallery
66: Community Forums
67: Community Forums
68: Photo Gallery
69: Community Forums
70: Home
71: Community Forums
72: Photo Gallery
73: Statistics
74: Photo Gallery
75: Community Forums
76: Community Forums
77: Community Forums
78: Community Forums
79: Home
80: Photo Gallery
81: Community Forums
82: Downloads
83: Community Forums
84: Member Screenshots
85: Community Forums
86: Photo Gallery
87: Community Forums
88: Community Forums
89: Community Forums
90: CPGlang
91: Community Forums
92: Downloads
93: Downloads
94: Photo Gallery
95: Community Forums
96: Community Forums
97: Community Forums
98: Downloads
99: Community Forums
100: Photo Gallery
101: Photo Gallery
102: Community Forums
103: Community Forums
104: Community Forums
105: Community Forums
106: Downloads
107: Community Forums
108: Photo Gallery
109: Downloads
110: Community Forums
111: Community Forums
112: Photo Gallery
113: Community Forums
114: Member Screenshots
115: Community Forums
116: CPGlang
117: Community Forums
118: Photo Gallery
119: Home
120: Community Forums
121: CPGlang
122: Community Forums
123: Community Forums
124: Downloads
125: Downloads
126: Community Forums
127: Community Forums
128: Your Account
129: Photo Gallery
130: Home
131: Community Forums
132: Community Forums
133: Your Account
134: Community Forums
135: Community Forums
136: Your Account
137: Photo Gallery
138: Home
139: Photo Gallery
140: Community Forums
141: Home
142: Community Forums
143: Community Forums
144: Community Forums
145: Photo Gallery
146: Home
147: Photo Gallery
148: News
149: Downloads
150: Community Forums
151: Photo Gallery
152: Community Forums
153: Community Forums
154: Home
155: Community Forums
156: Community Forums
157: Community Forums
158: Photo Gallery
159: Community Forums
160: Photo Gallery
161: Community Forums
162: Community Forums
163: Community Forums
164: Photo Gallery
165: Community Forums
166: Home
167: Home
168: Photo Gallery
169: Community Forums
170: Member Screenshots
171: Community Forums
172: Community Forums
173: Photo Gallery
174: Statistics
175: Community Forums
176: Community Forums
177: Community Forums
178: Community Forums
179: Photo Gallery
180: Downloads
181: Community Forums
182: Community Forums
183: Community Forums
184: Home
185: News Archive
186: Community Forums
187: Community Forums
188: Member Screenshots
189: Photo Gallery
190: Photo Gallery
191: Your Account
192: Photo Gallery
193: Member Screenshots
194: Community Forums
195: Community Forums
196: Community Forums
197: Community Forums
198: Community Forums
199: Community Forums
200: Community Forums
201: Community Forums
202: Community Forums
203: Community Forums
204: Community Forums
205: Community Forums
206: Community Forums
207: Your Account
208: Community Forums
209: Community Forums
210: Photo Gallery
211: Community Forums
212: Community Forums
213: Community Forums
214: CPGlang
215: Community Forums
216: Photo Gallery
217: Photo Gallery
218: Photo Gallery
219: Photo Gallery
220: Community Forums
221: Community Forums
222: Community Forums
223: Community Forums
224: Community Forums
225: Community Forums
226: Community Forums
227: Community Forums
228: Photo Gallery
229: Community Forums
230: Your Account
231: Community Forums
232: Home
233: Home
234: Home
235: Community Forums
236: Community Forums
237: Downloads
238: Downloads
239: Home
240: Photo Gallery
241: Community Forums
242: Community Forums
243: Community Forums
244: Community Forums
245: Photo Gallery
246: Photo Gallery
247: Photo Gallery
248: Community Forums
249: Community Forums
250: Community Forums
251: Community Forums
252: Community Forums
253: Photo Gallery
254: Photo Gallery
255: Community Forums
256: Community Forums
257: Community Forums
258: Home
259: Photo Gallery
260: Community Forums
261: Community Forums
262: Downloads
263: Community Forums
264: Community Forums
265: Home
266: Downloads
267: Community Forums
268: Community Forums
269: Statistics
270: Downloads
271: Community Forums
272: Community Forums
273: Community Forums
274: Photo Gallery
275: Photo Gallery
276: Community Forums
277: Community Forums
278: Community Forums
279: Photo Gallery
280: CPGlang
281: Home
282: Member Screenshots
283: Community Forums
284: Home
285: Community Forums
286: Photo Gallery
287: Community Forums
288: Community Forums
289: Photo Gallery
290: Community Forums
291: Community Forums
292: Community Forums
293: Community Forums
294: Community Forums
295: Community Forums
296: Downloads
297: Community Forums
298: Community Forums
299: Community Forums
300: Community Forums
301: Statistics
302: Community Forums
303: Community Forums
304: Community Forums
305: Community Forums
306: Photo Gallery
307: Photo Gallery
308: Community Forums
309: Community Forums
310: Community Forums
311: Statistics
312: Community Forums
313: Community Forums
314: Community Forums
315: Community Forums
316: Community Forums
317: Photo Gallery
318: CPGlang
319: Photo Gallery
320: CPGlang
321: Community Forums
322: Community Forums
323: Photo Gallery
324: Community Forums
325: Community Forums
326: Home
327: Community Forums
328: Community Forums
329: Community Forums
330: Community Forums
331: Photo Gallery
332: Community Forums
333: Community Forums
334: Community Forums
335: Photo Gallery
336: Community Forums
337: Community Forums
338: Community Forums
339: Community Forums
340: Community Forums
341: Photo Gallery
342: Statistics
343: Community Forums
344: Community Forums
345: Community Forums
346: Photo Gallery
347: Home
348: Community Forums
349: Community Forums
350: Community Forums
351: Photo Gallery
352: Community Forums
353: Community Forums
354: Community Forums
355: Community Forums
356: Community Forums
357: Community Forums
358: Community Forums
359: Home
360: Photo Gallery
361: Photo Gallery
362: Community Forums
363: Community Forums
364: Photo Gallery
365: Community Forums
366: Community Forums
367: Home
368: Home
369: Home
370: Photo Gallery
371: Your Account
372: Member Screenshots
373: Home
374: Community Forums
375: Community Forums
376: Community Forums
377: Community Forums
378: Community Forums
379: Photo Gallery
380: Community Forums
381: Home
382: Community Forums
383: Community Forums
384: Community Forums
385: Community Forums
386: Home
387: Community Forums
388: Community Forums
389: Community Forums
390: Community Forums
391: Member Screenshots
392: Community Forums
393: News Archive
394: Community Forums
395: Community Forums
396: Community Forums
397: Community Forums
398: Downloads
399: Community Forums
400: Home
401: Community Forums
402: Home
403: Community Forums
404: Community Forums
405: Community Forums
406: Community Forums
407: Statistics
408: Community Forums
409: Statistics
410: Home
411: Community Forums
412: Community Forums
413: Community Forums
414: Community Forums
415: Photo Gallery
416: Downloads
417: Community Forums
418: Photo Gallery
419: Community Forums
420: Photo Gallery
421: Photo Gallery
422: CPGlang
423: Community Forums
424: Photo Gallery
425: Community Forums
426: Home
427: Photo Gallery
428: CPGlang
429: Community Forums
430: Photo Gallery
431: Downloads
432: Photo Gallery
433: Community Forums
434: Community Forums
435: Community Forums
436: Home
437: Community Forums
438: Home
439: Community Forums
440: Home
441: Home
442: Community Forums
443: Community Forums
444: Community Forums
445: Member Screenshots
446: Community Forums
447: Community Forums
448: Photo Gallery
449: Home
450: Community Forums
451: Community Forums
452: Home
453: Community Forums
454: Community Forums
455: Community Forums
456: Community Forums
457: Community Forums
458: Community Forums
459: Community Forums
460: Statistics
461: News Archive
462: Home
463: Community Forums
464: Photo Gallery
465: Community Forums
466: Photo Gallery
467: Community Forums
468: Community Forums
469: Photo Gallery
470: Downloads
471: Photo Gallery
472: Community Forums
473: Photo Gallery
474: Photo Gallery
475: Statistics
476: Photo Gallery
477: Home
478: Community Forums
479: Community Forums
480: Home
481: Downloads
482: Member Screenshots
483: Photo Gallery
484: Home
485: Photo Gallery
486: Community Forums
487: Member Screenshots
488: Photo Gallery
489: Community Forums
490: Downloads
491: Community Forums
492: Community Forums
493: Photo Gallery
494: Community Forums
495: Your Account
496: Community Forums
497: Community Forums
498: Community Forums
499: Community Forums
500: Community Forums
501: Downloads
502: Community Forums
503: Community Forums
504: Community Forums
505: Community Forums
506: Home
507: Community Forums
508: Your Account
509: Community Forums
510: Community Forums
511: Community Forums
512: Photo Gallery
513: Photo Gallery
514: Home
515: Home
516: Member Screenshots
517: Community Forums
518: Community Forums
519: Community Forums
520: Community Forums
521: Community Forums
522: Community Forums
523: Community Forums
524: Community Forums
525: Community Forums
526: Community Forums
527: Community Forums
528: Home
529: Photo Gallery
530: Home
531: Community Forums
532: Your Account
533: Community Forums
534: Community Forums
535: Community Forums
536: Community Forums
537: Community Forums
538: Photo Gallery
539: Community Forums
540: Community Forums
541: Community Forums
542: Photo Gallery
543: Community Forums
544: Photo Gallery
545: Community Forums
546: Community Forums
547: Community Forums
548: Photo Gallery
549: Photo Gallery
550: Your Account
551: Community Forums
552: Community Forums
553: Community Forums
554: Community Forums
555: Downloads
556: Community Forums
557: Community Forums
558: Community Forums
559: Downloads
560: Community Forums
561: Photo Gallery
562: Home
563: Community Forums
564: Photo Gallery
565: Community Forums
566: Community Forums
567: Community Forums
568: Community Forums
569: Community Forums
570: Community Forums
571: Community Forums
572: Home
573: Downloads
574: Community Forums
575: Community Forums
576: Community Forums
577: Community Forums
578: Your Account
579: Community Forums
580: Community Forums
581: Home
582: Photo Gallery
583: Home
584: Home
585: Community Forums
586: Community Forums
587: Community Forums
588: Community Forums
589: Photo Gallery
590: Community Forums
591: Community Forums
592: Community Forums
593: Community Forums
594: Community Forums
595: Community Forums
596: Community Forums
597: Community Forums
598: Community Forums
599: Community Forums
600: Statistics
601: Downloads
602: Home
603: Downloads
604: CPGlang
605: Photo Gallery
606: Community Forums
607: Community Forums
608: Community Forums
609: Community Forums
610: Community Forums
611: Photo Gallery
612: Community Forums
613: Community Forums
614: Community Forums
615: Community Forums
616: Photo Gallery
617: Community Forums
618: Downloads
619: Downloads
620: Community Forums
621: Community Forums
622: Community Forums
623: Community Forums
624: Community Forums

Staff Online:

No staff members are online!
This looks like a bad one! :: Archived
Resolve issues with your computer problems here or read about the latest computer parts and information.
Post new topic    Revive this topic    Printer Friendly Page     Forum Index ›  Hardware

Topic Archived View previous topic :: View next topic  
Author Message
JG300-Ascout
Power User

Offline Offline
Joined: Jan 05, 2005
Posts: 6257
Location: Cyberspace
PostPosted: Sun Jan 01, 2006 5:53 pm
Post subject: This looks like a bad one!

www.foxnews.com/story/...44,00.html

Advice on impementing the fix from y'all?
__________________________________________________________
'Extremely Critical Flaw' in Windows Discovered, Already Exploited
Friday, December 30, 2005
By Lisa Vaas




Microsoft Corp. has issued a security advisory for what Secunia is deeming an "extremely critical flaw" in Windows Metafile Format (.wmf) that is now being exploited on fully patched systems by malicious attackers.
Websense Security Labs is tracking thousands of sites distributing the exploit code from a site called iFrameCASH BUSINESS.
That site and numerous others are distributing spyware and other unwanted software, replacing users' desktop backgrounds with a message that warns of spyware infection and which prompts the user to enter credit card information to pay for a "spyware cleaning" application to remove the detected spyware.
Vulnerable operating systems include a slew of Windows Server 2003 editions: Datacenter Edition, Enterprise Edition, Standard Edition and Web Edition.
Also at risk are Windows XP Home Edition and Windows XP Professional, making both home users and businesses open to attack.
In this fluid attack, researchers have kept up a steady stream of new details about the extent of the exploit's reach, with Google Desktop being the latest reported vector.
F-Secure reported on Wednesday that Google Desktop tries to index image files with the exploit, executing it in the process. F-Secure reports that this exploitation-via-indexing may wind up occurring with other desktop search engines as well.
(Story continues below)


Google had no immediate comment. To avoid the problem, security experts suggest disabling the feature's indexing of media files, or to remove Google Desktop altogether.
A workaround called REGSVR32 has been posted and was included in Microsoft's advisory. However, it should be noted that as of Thursday evening, some security researchers were reporting that the workaround is not fully successful.
The workaround is as follows, as quoted from the advisory:
Un-register the Windows Picture and Fax Viewer (Shimgvw.dll)
1. Click Start, click Run, type "regsvr32 -u %windir%system32shimgvw.dll" (without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded.
� Click OK to close the dialog box.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.
To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with "regsvr32 %windir%system32shimgvw.dll" (without the quotation marks).
F-Secure notes that this workaround beats filtering .wmf files, given that files with other image extensions � such as BMP, GIF, JPG, JPEG, TIFF, etc. � can be used to exploit machines.
F-Secure also recommends filtering domains at corporate firewalls. These sites should be listed as off-limits:
toolbarbiz.business
toolbarsite.biz
toolbartraff.biz
toolbarurl.biz
buytoolbar.biz
buytraff.biz
iframebiz.biz
iframecash.biz
iframesite.biz
iframetraff.biz
iframeurl.business
F-Secure notes that it's seen 57 versions of this malicious .wmf file exploit as of Thursday, detected as PFV-Exploit.
The security firm is predicting that, even though the exploit has only been used to install spyware or fake antispyware/antivirus software thus far, it anticipates that real viruses will start to spread soon.
According to the Sunbelt Software blog, "any application that automatically displays a WMF image" can be a vector for infection, including older versions of Firefox, current versions of Opera, Outlook and all current versions of Internet Explorer on all Windows versions.
"This is a zero-day exploit, the kind that give security researchers cold chills," according to Sunbelt's blog. "You can get infected by simply viewing an infected WMF image."
According to F-Secure, Trojan downloaders are taking advantage of the vulnerability to install Trojan-Downloader.Win32.Agent.abs, Trojan-Dropper.Win32.Small.zp, Trojan.Win32.Small.ga and Trojan.Win32.Small.ev.
F-Secure also reports that some of the Trojans install hoax anti-malware programs such as Avgold.
F-Secure traced the exploit to Russian sites, one of which is allegedly registered to former Soviet Union President Mikhail Gorbachev.
Sunbelt warns that users are likely to get infected by being directed to one of the sites via spam that offer dirty pictures, free software or other bait.
The attack works by tricking users into opening malicious ".wmf" files in "Windows Picture and Fax Viewer" or by previewing such a file by selecting it in Windows Explorer. The attack can also be triggered automatically when visiting malicious Web sites via Internet Explorer.
Although Secunia deemed the flaw highly critical, at least one security researcher was dismissive of the bug's severity.
Pete Lindstrom, research director for Spire Security LLC, said that at this stage in the game, anything that requires user interaction is hardly worth notice.
"There's no such thing as 'extremely critical' when user interaction is required," Lindstrom said. "That's just silly."
But as far as using IE goes, download of malicious software is automatic, happening immediately upon going to the site, pointed out Alex Eckelberry, president of Sunbelt Software.
"There is no user interaction required," he wrote in an e-mail exchange. "You hit the Web site, you get hit immediately. No prompts, nothing."
John Pescatore, an analyst with Gartner Inc., said that this type of attack may be slowed down by requiring users to click on a malicious .wmf file or to go to a malicious Web site, but that doesn't mean it won't spread fast, given users' willingness to click on bait.
"One of these [attacks] where clicking on a URL [is involved], those can spread pretty fast," he said, given users' proclivity to click away.
"We do online consumer studies. Two years ago, 30 percent had fallen for phishing [schemes]. They entered their user name, password or credit card information. This year, many fewer completely fell for them, but they still clicked on the link in the phishing e-mail."
Given the rise of keystroke loggers that can automatically be downloaded onto a user's system after the user visits a malicious site, that means the Web-surfing population is still ripe for phishing, Pescatore said.
"They're still clicking on links, and whenever malicious software gets installed, that's when you get a critical rating, because all sorts of bad things can happen."
According to Secunia, the vulnerability is caused by an error in handling corrupted .wmf files � a graphics file format used to exchange graphics information between Microsoft Windows applications that can hold vector and bit-mapped images.
Secunia confirmed the vulnerability on a fully patched system running Windows XP SP2. The advisory said that Windows Server 2003 SP0 and SP1 systems have also reportedly been affected.
A Microsoft spokesman told eWEEK in an e-mail exchange on Wednesday that Microsoft "is investigating new public reports of a possible vulnerability in Windows," although he didn't give an ETA for a patch.
"Microsoft will continue to investigate the public reports to help provide additional guidance for customers," he said. "Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a fix through our monthly release process or issuing a security advisory, depending on customer needs."
The spokesman went on to encourage customers to follow Microsoft's Protect Your PC guidelines of enabling a firewall, getting software updates and installing anti-virus software.
Customers who think they've been affected can also contact Product Support Services, which is at 1-866-PCSAFETY in North America or at support.microsoft.com/security for outside North America.
Microsoft also advises customers who think they've been attacked to contact their local FBI office or to post the incident on www.ifccfbi.gov. Customers outside the United States should contact the national law enforcement agency in their country, the spokesman said.
The advisory issued by Microsoft later on Wednesday said that Microsoft is aware of the code, which allows an attacker "to execute arbitrary code in the security context of the logged-on user, when such user is visiting a Web site that contains a specially crafted Windows Metafile (WMF) image."
Microsoft's advisory echoed Lindstrom's take, however, stating that attackers have "no way to force users to visit a malicious Web site."
Instead, the advisory continued, attackers have to persuade users to visit the sites, "typically by getting them to click a link that takes them to the attacker's Web site."
The advisory said that Microsoft would either be issuing a patch through its monthly release process or would provide an out-of-cycle security update, "depending on customer needs."
Microsoft's spokesman declined to state how many customers had reported that they had been victimized by the attack.
Secunia advised that users avoid opening or previewing untrusted .wmf files, as well as set security level to "High" in IE.
Lindstrom noted that the long-term answer to dealing with what he called this type of "flotsam and jetsam" of constant security alerts is to install host intrusion prevention software to designate what software is allowed to run on a system and what it's allowed to do.
As far as the short-term response to this particular vulnerability goes, Lindstrom echoed Secunia's advisory when it comes to untrusted files: "Don't click on it," he said.
Editor's Note: This story was updated to include Microsoft's statement, more on the recommended workaround and more details about the exploit from Sunbelt and F-Secure.

_________________
"All facts go to clearly prove that Shades is a thrice-cursed traitor & mentally deranged person steeped in inveterate enmity toward mankind"
Back to top
View user's profile Photo Gallery
Shadow_Bshwackr
Janitor

Offline Offline
Joined: Jan 21, 2005
Posts: 7015
Location: Central Illinois, USA
PostPosted: Wed Jan 04, 2006 11:51 am
Post subject: Re: This looks like a bad one!

Thanks for the heads up on this one Ascout! I don't know about anyone else, but I like and use WMP quite often... Wink
Back to top
View user's profile Visit poster's website Photo Gallery
Display posts from previous:   
Post new topic    Revive this topic    Printer Friendly Page    Forum Index ›  Hardware
Page 1 of 1
All times are GMT - 6 Hours

Archive Revive
Username:
This is an archived topic - your reply will not be appended here.
Instead, a new topic will be generated in the active forum.
The new topic will provide a reference link to this archived topic.