±Recent Visitors

Recent Visitors to Com-Central!

±User Info-big


Welcome Anonymous

Nickname
Password

Membership:
Latest: HighestAce
New Today: 0
New Yesterday: 0
Overall: 6648

People Online:
Members: 0
Visitors: 528
Total: 528
Who Is Where:
 Visitors:
01: Home
02: Community Forums
03: Your Account
04: Home
05: News Archive
06: Home
07: Photo Gallery
08: Home
09: Member Screenshots
10: Home
11: Home
12: Community Forums
13: News Archive
14: Downloads
15: Community Forums
16: Downloads
17: Home
18: Community Forums
19: Downloads
20: Community Forums
21: Community Forums
22: Community Forums
23: Home
24: Home
25: Downloads
26: Home
27: Photo Gallery
28: Home
29: Home
30: News Archive
31: Home
32: Downloads
33: Community Forums
34: Downloads
35: Community Forums
36: Community Forums
37: Member Screenshots
38: Home
39: Member Screenshots
40: News
41: Statistics
42: Community Forums
43: Community Forums
44: Community Forums
45: Home
46: Community Forums
47: Photo Gallery
48: Community Forums
49: Photo Gallery
50: Home
51: Home
52: Home
53: Supporters
54: Community Forums
55: Community Forums
56: Community Forums
57: Member Screenshots
58: Community Forums
59: News
60: Community Forums
61: Home
62: Photo Gallery
63: Downloads
64: Community Forums
65: Community Forums
66: Home
67: Community Forums
68: Downloads
69: Member Screenshots
70: Downloads
71: Photo Gallery
72: Community Forums
73: Community Forums
74: Community Forums
75: Your Account
76: Community Forums
77: Community Forums
78: Statistics
79: Home
80: Home
81: Downloads
82: Home
83: Community Forums
84: Member Screenshots
85: Home
86: Community Forums
87: Community Forums
88: Community Forums
89: Home
90: Community Forums
91: Home
92: Community Forums
93: Supporters
94: Home
95: Community Forums
96: Photo Gallery
97: Community Forums
98: News Archive
99: Community Forums
100: Home
101: News Archive
102: Community Forums
103: Home
104: News Archive
105: Community Forums
106: Community Forums
107: Home
108: Member Screenshots
109: Member Screenshots
110: Member Screenshots
111: Community Forums
112: News Archive
113: Member Screenshots
114: Community Forums
115: Community Forums
116: Downloads
117: Home
118: Photo Gallery
119: Downloads
120: Community Forums
121: Member Screenshots
122: Community Forums
123: Home
124: Home
125: Community Forums
126: Community Forums
127: Home
128: Member Screenshots
129: Community Forums
130: Photo Gallery
131: Community Forums
132: Home
133: Home
134: Community Forums
135: Photo Gallery
136: Home
137: Community Forums
138: Search
139: Photo Gallery
140: Community Forums
141: Community Forums
142: Home
143: Home
144: Community Forums
145: Downloads
146: Your Account
147: Home
148: Photo Gallery
149: Community Forums
150: Home
151: Community Forums
152: Home
153: Home
154: Downloads
155: Member Screenshots
156: Community Forums
157: Community Forums
158: News Archive
159: Home
160: Community Forums
161: Community Forums
162: Community Forums
163: Home
164: Community Forums
165: Home
166: Community Forums
167: Downloads
168: Home
169: News Archive
170: Community Forums
171: Member Screenshots
172: Home
173: Photo Gallery
174: Downloads
175: Community Forums
176: Home
177: Community Forums
178: Home
179: Downloads
180: Member Screenshots
181: Home
182: Community Forums
183: Photo Gallery
184: Home
185: Community Forums
186: Downloads
187: Home
188: Photo Gallery
189: Member Screenshots
190: Statistics
191: Home
192: Your Account
193: Community Forums
194: Home
195: Community Forums
196: Home
197: Home
198: Community Forums
199: Home
200: Community Forums
201: Community Forums
202: Photo Gallery
203: Home
204: News Archive
205: News Archive
206: Community Forums
207: Downloads
208: Home
209: Community Forums
210: Downloads
211: Community Forums
212: Community Forums
213: Member Screenshots
214: Community Forums
215: Member Screenshots
216: Community Forums
217: Downloads
218: Home
219: Downloads
220: Community Forums
221: Home
222: Member Screenshots
223: Community Forums
224: News Archive
225: Downloads
226: Downloads
227: Photo Gallery
228: Community Forums
229: Community Forums
230: Downloads
231: Home
232: Home
233: Community Forums
234: Community Forums
235: Community Forums
236: Community Forums
237: Community Forums
238: Community Forums
239: Downloads
240: Community Forums
241: Home
242: Community Forums
243: Search
244: News
245: Community Forums
246: Downloads
247: Member Screenshots
248: Community Forums
249: Community Forums
250: Home
251: Home
252: Home
253: Photo Gallery
254: Treasury
255: Community Forums
256: Home
257: Member Screenshots
258: Home
259: Community Forums
260: Home
261: Home
262: Your Account
263: Community Forums
264: Member Screenshots
265: Member Screenshots
266: Statistics
267: LinkToUs
268: Community Forums
269: Community Forums
270: Home
271: Home
272: Home
273: Home
274: Home
275: Community Forums
276: Community Forums
277: Home
278: Member Screenshots
279: Community Forums
280: Home
281: Community Forums
282: Community Forums
283: Member Screenshots
284: Community Forums
285: Community Forums
286: Community Forums
287: Community Forums
288: Community Forums
289: Community Forums
290: Home
291: News Archive
292: LinkToUs
293: Community Forums
294: Member Screenshots
295: Community Forums
296: Home
297: Community Forums
298: Home
299: Downloads
300: Community Forums
301: News
302: Community Forums
303: Photo Gallery
304: Tell a Friend
305: Home
306: Home
307: Community Forums
308: Community Forums
309: Community Forums
310: Home
311: Home
312: Home
313: Photo Gallery
314: Community Forums
315: Community Forums
316: Home
317: Community Forums
318: Member Screenshots
319: Home
320: Community Forums
321: Home
322: Community Forums
323: Community Forums
324: Community Forums
325: Home
326: Community Forums
327: Home
328: Community Forums
329: Home
330: Home
331: Community Forums
332: Community Forums
333: Home
334: Community Forums
335: Home
336: Home
337: Home
338: Home
339: Community Forums
340: Home
341: Downloads
342: Community Forums
343: Community Forums
344: Community Forums
345: Home
346: Home
347: Member Screenshots
348: Downloads
349: Home
350: Downloads
351: Home
352: News Archive
353: Community Forums
354: Community Forums
355: Home
356: Member Screenshots
357: News Archive
358: Community Forums
359: Community Forums
360: Community Forums
361: Community Forums
362: Photo Gallery
363: Home
364: Home
365: Home
366: Community Forums
367: Home
368: News
369: Community Forums
370: Community Forums
371: Community Forums
372: News
373: Community Forums
374: Community Forums
375: Photo Gallery
376: Community Forums
377: Home
378: Community Forums
379: Community Forums
380: Community Forums
381: Community Forums
382: Community Forums
383: Community Forums
384: Community Forums
385: Member Screenshots
386: Community Forums
387: Community Forums
388: Downloads
389: Community Forums
390: Community Forums
391: Home
392: Community Forums
393: Community Forums
394: Community Forums
395: Downloads
396: Member Screenshots
397: Community Forums
398: Community Forums
399: Community Forums
400: Community Forums
401: Tell a Friend
402: Home
403: Home
404: Photo Gallery
405: Community Forums
406: Community Forums
407: Photo Gallery
408: Statistics
409: Downloads
410: Home
411: Member Screenshots
412: Home
413: Member Screenshots
414: Community Forums
415: News Archive
416: Home
417: Downloads
418: Home
419: Community Forums
420: Community Forums
421: Community Forums
422: Community Forums
423: Home
424: Member Screenshots
425: News Archive
426: Home
427: News
428: Home
429: News Archive
430: Home
431: Community Forums
432: News Archive
433: Community Forums
434: Community Forums
435: Community Forums
436: Community Forums
437: Community Forums
438: Home
439: Home
440: Community Forums
441: Home
442: Community Forums
443: Community Forums
444: Member Screenshots
445: Community Forums
446: News
447: Community Forums
448: Home
449: Community Forums
450: Home
451: News Archive
452: Community Forums
453: Home
454: Community Forums
455: Community Forums
456: Member Screenshots
457: Photo Gallery
458: Community Forums
459: Downloads
460: Community Forums
461: Photo Gallery
462: Home
463: Home
464: Community Forums
465: Downloads
466: Community Forums
467: Community Forums
468: Community Forums
469: Home
470: Community Forums
471: Downloads
472: Downloads
473: Downloads
474: Home
475: Downloads
476: Your Account
477: News Archive
478: Community Forums
479: Home
480: Photo Gallery
481: Community Forums
482: News Archive
483: Community Forums
484: Home
485: Community Forums
486: Home
487: Community Forums
488: Community Forums
489: Home
490: Photo Gallery
491: Statistics
492: Community Forums
493: News Archive
494: Downloads
495: Home
496: Member Screenshots
497: Home
498: Home
499: Community Forums
500: Photo Gallery
501: Community Forums
502: Member Screenshots
503: Downloads
504: Home
505: Community Forums
506: Home
507: News Archive
508: News Archive
509: Community Forums
510: Community Forums
511: Home
512: Community Forums
513: Community Forums
514: Home
515: News Archive
516: Photo Gallery
517: Contact
518: Home
519: Home
520: Community Forums
521: Home
522: Home
523: Community Forums
524: Home
525: Your Account
526: Community Forums
527: Community Forums
528: Home

Staff Online:

No staff members are online!
This looks like a bad one! :: Archived
Resolve issues with your computer problems here or read about the latest computer parts and information.
Post new topic    Revive this topic    Printer Friendly Page     Forum Index ›  Hardware

Topic Archived View previous topic :: View next topic  
Author Message
JG300-Ascout
Power User

Offline Offline
Joined: Jan 05, 2005
Posts: 6257
Location: Cyberspace
PostPosted: Sun Jan 01, 2006 5:53 pm
Post subject: This looks like a bad one!

www.foxnews.com/story/...44,00.html

Advice on impementing the fix from y'all?
__________________________________________________________
'Extremely Critical Flaw' in Windows Discovered, Already Exploited
Friday, December 30, 2005
By Lisa Vaas




Microsoft Corp. has issued a security advisory for what Secunia is deeming an "extremely critical flaw" in Windows Metafile Format (.wmf) that is now being exploited on fully patched systems by malicious attackers.
Websense Security Labs is tracking thousands of sites distributing the exploit code from a site called iFrameCASH BUSINESS.
That site and numerous others are distributing spyware and other unwanted software, replacing users' desktop backgrounds with a message that warns of spyware infection and which prompts the user to enter credit card information to pay for a "spyware cleaning" application to remove the detected spyware.
Vulnerable operating systems include a slew of Windows Server 2003 editions: Datacenter Edition, Enterprise Edition, Standard Edition and Web Edition.
Also at risk are Windows XP Home Edition and Windows XP Professional, making both home users and businesses open to attack.
In this fluid attack, researchers have kept up a steady stream of new details about the extent of the exploit's reach, with Google Desktop being the latest reported vector.
F-Secure reported on Wednesday that Google Desktop tries to index image files with the exploit, executing it in the process. F-Secure reports that this exploitation-via-indexing may wind up occurring with other desktop search engines as well.
(Story continues below)


Google had no immediate comment. To avoid the problem, security experts suggest disabling the feature's indexing of media files, or to remove Google Desktop altogether.
A workaround called REGSVR32 has been posted and was included in Microsoft's advisory. However, it should be noted that as of Thursday evening, some security researchers were reporting that the workaround is not fully successful.
The workaround is as follows, as quoted from the advisory:
Un-register the Windows Picture and Fax Viewer (Shimgvw.dll)
1. Click Start, click Run, type "regsvr32 -u %windir%system32shimgvw.dll" (without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded.
� Click OK to close the dialog box.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.
To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with "regsvr32 %windir%system32shimgvw.dll" (without the quotation marks).
F-Secure notes that this workaround beats filtering .wmf files, given that files with other image extensions � such as BMP, GIF, JPG, JPEG, TIFF, etc. � can be used to exploit machines.
F-Secure also recommends filtering domains at corporate firewalls. These sites should be listed as off-limits:
toolbarbiz.business
toolbarsite.biz
toolbartraff.biz
toolbarurl.biz
buytoolbar.biz
buytraff.biz
iframebiz.biz
iframecash.biz
iframesite.biz
iframetraff.biz
iframeurl.business
F-Secure notes that it's seen 57 versions of this malicious .wmf file exploit as of Thursday, detected as PFV-Exploit.
The security firm is predicting that, even though the exploit has only been used to install spyware or fake antispyware/antivirus software thus far, it anticipates that real viruses will start to spread soon.
According to the Sunbelt Software blog, "any application that automatically displays a WMF image" can be a vector for infection, including older versions of Firefox, current versions of Opera, Outlook and all current versions of Internet Explorer on all Windows versions.
"This is a zero-day exploit, the kind that give security researchers cold chills," according to Sunbelt's blog. "You can get infected by simply viewing an infected WMF image."
According to F-Secure, Trojan downloaders are taking advantage of the vulnerability to install Trojan-Downloader.Win32.Agent.abs, Trojan-Dropper.Win32.Small.zp, Trojan.Win32.Small.ga and Trojan.Win32.Small.ev.
F-Secure also reports that some of the Trojans install hoax anti-malware programs such as Avgold.
F-Secure traced the exploit to Russian sites, one of which is allegedly registered to former Soviet Union President Mikhail Gorbachev.
Sunbelt warns that users are likely to get infected by being directed to one of the sites via spam that offer dirty pictures, free software or other bait.
The attack works by tricking users into opening malicious ".wmf" files in "Windows Picture and Fax Viewer" or by previewing such a file by selecting it in Windows Explorer. The attack can also be triggered automatically when visiting malicious Web sites via Internet Explorer.
Although Secunia deemed the flaw highly critical, at least one security researcher was dismissive of the bug's severity.
Pete Lindstrom, research director for Spire Security LLC, said that at this stage in the game, anything that requires user interaction is hardly worth notice.
"There's no such thing as 'extremely critical' when user interaction is required," Lindstrom said. "That's just silly."
But as far as using IE goes, download of malicious software is automatic, happening immediately upon going to the site, pointed out Alex Eckelberry, president of Sunbelt Software.
"There is no user interaction required," he wrote in an e-mail exchange. "You hit the Web site, you get hit immediately. No prompts, nothing."
John Pescatore, an analyst with Gartner Inc., said that this type of attack may be slowed down by requiring users to click on a malicious .wmf file or to go to a malicious Web site, but that doesn't mean it won't spread fast, given users' willingness to click on bait.
"One of these [attacks] where clicking on a URL [is involved], those can spread pretty fast," he said, given users' proclivity to click away.
"We do online consumer studies. Two years ago, 30 percent had fallen for phishing [schemes]. They entered their user name, password or credit card information. This year, many fewer completely fell for them, but they still clicked on the link in the phishing e-mail."
Given the rise of keystroke loggers that can automatically be downloaded onto a user's system after the user visits a malicious site, that means the Web-surfing population is still ripe for phishing, Pescatore said.
"They're still clicking on links, and whenever malicious software gets installed, that's when you get a critical rating, because all sorts of bad things can happen."
According to Secunia, the vulnerability is caused by an error in handling corrupted .wmf files � a graphics file format used to exchange graphics information between Microsoft Windows applications that can hold vector and bit-mapped images.
Secunia confirmed the vulnerability on a fully patched system running Windows XP SP2. The advisory said that Windows Server 2003 SP0 and SP1 systems have also reportedly been affected.
A Microsoft spokesman told eWEEK in an e-mail exchange on Wednesday that Microsoft "is investigating new public reports of a possible vulnerability in Windows," although he didn't give an ETA for a patch.
"Microsoft will continue to investigate the public reports to help provide additional guidance for customers," he said. "Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a fix through our monthly release process or issuing a security advisory, depending on customer needs."
The spokesman went on to encourage customers to follow Microsoft's Protect Your PC guidelines of enabling a firewall, getting software updates and installing anti-virus software.
Customers who think they've been affected can also contact Product Support Services, which is at 1-866-PCSAFETY in North America or at support.microsoft.com/security for outside North America.
Microsoft also advises customers who think they've been attacked to contact their local FBI office or to post the incident on www.ifccfbi.gov. Customers outside the United States should contact the national law enforcement agency in their country, the spokesman said.
The advisory issued by Microsoft later on Wednesday said that Microsoft is aware of the code, which allows an attacker "to execute arbitrary code in the security context of the logged-on user, when such user is visiting a Web site that contains a specially crafted Windows Metafile (WMF) image."
Microsoft's advisory echoed Lindstrom's take, however, stating that attackers have "no way to force users to visit a malicious Web site."
Instead, the advisory continued, attackers have to persuade users to visit the sites, "typically by getting them to click a link that takes them to the attacker's Web site."
The advisory said that Microsoft would either be issuing a patch through its monthly release process or would provide an out-of-cycle security update, "depending on customer needs."
Microsoft's spokesman declined to state how many customers had reported that they had been victimized by the attack.
Secunia advised that users avoid opening or previewing untrusted .wmf files, as well as set security level to "High" in IE.
Lindstrom noted that the long-term answer to dealing with what he called this type of "flotsam and jetsam" of constant security alerts is to install host intrusion prevention software to designate what software is allowed to run on a system and what it's allowed to do.
As far as the short-term response to this particular vulnerability goes, Lindstrom echoed Secunia's advisory when it comes to untrusted files: "Don't click on it," he said.
Editor's Note: This story was updated to include Microsoft's statement, more on the recommended workaround and more details about the exploit from Sunbelt and F-Secure.

_________________
"All facts go to clearly prove that Shades is a thrice-cursed traitor & mentally deranged person steeped in inveterate enmity toward mankind"
Back to top
View user's profile Photo Gallery
Shadow_Bshwackr
Janitor

Offline Offline
Joined: Jan 21, 2005
Posts: 7019
Location: Central Illinois, USA
PostPosted: Wed Jan 04, 2006 11:51 am
Post subject: Re: This looks like a bad one!

Thanks for the heads up on this one Ascout! I don't know about anyone else, but I like and use WMP quite often... Wink
Back to top
View user's profile Visit poster's website Photo Gallery
Display posts from previous:   
Post new topic    Revive this topic    Printer Friendly Page    Forum Index ›  Hardware
Page 1 of 1
All times are GMT - 6 Hours

Archive Revive
Username:
This is an archived topic - your reply will not be appended here.
Instead, a new topic will be generated in the active forum.
The new topic will provide a reference link to this archived topic.