±Recent Visitors

Recent Visitors to Com-Central!

±User Info-big


Welcome Anonymous

Nickname
Password

Membership:
Latest: cgsimpson
New Today: 0
New Yesterday: 0
Overall: 6645

People Online:
Members: 0
Visitors: 570
Total: 570
Who Is Where:
 Visitors:
01: Community Forums
02: Community Forums
03: Community Forums
04: Community Forums
05: Community Forums
06: Community Forums
07: Community Forums
08: Community Forums
09: Community Forums
10: Community Forums
11: Photo Gallery
12: Community Forums
13: Community Forums
14: Community Forums
15: Community Forums
16: Community Forums
17: Community Forums
18: Community Forums
19: Your Account
20: Community Forums
21: Downloads
22: Home
23: Community Forums
24: Community Forums
25: Community Forums
26: Community Forums
27: Photo Gallery
28: Community Forums
29: Community Forums
30: Community Forums
31: Community Forums
32: Community Forums
33: Community Forums
34: Community Forums
35: Community Forums
36: Home
37: Community Forums
38: Your Account
39: Community Forums
40: Photo Gallery
41: Community Forums
42: Community Forums
43: Photo Gallery
44: Community Forums
45: Photo Gallery
46: Community Forums
47: Community Forums
48: Community Forums
49: Community Forums
50: Community Forums
51: Community Forums
52: Photo Gallery
53: Photo Gallery
54: Community Forums
55: Photo Gallery
56: Community Forums
57: Community Forums
58: Home
59: Community Forums
60: Community Forums
61: Downloads
62: Home
63: Statistics
64: Community Forums
65: Community Forums
66: Member Screenshots
67: Community Forums
68: Community Forums
69: Community Forums
70: Community Forums
71: Community Forums
72: Community Forums
73: Photo Gallery
74: Community Forums
75: Community Forums
76: Home
77: Community Forums
78: Home
79: Photo Gallery
80: Community Forums
81: Photo Gallery
82: Community Forums
83: Photo Gallery
84: Photo Gallery
85: Downloads
86: Downloads
87: Community Forums
88: CPGlang
89: Photo Gallery
90: Community Forums
91: Community Forums
92: Downloads
93: Home
94: Community Forums
95: Home
96: Community Forums
97: Community Forums
98: Home
99: Community Forums
100: Photo Gallery
101: Community Forums
102: Home
103: Photo Gallery
104: Community Forums
105: Community Forums
106: Community Forums
107: Community Forums
108: Community Forums
109: CPGlang
110: Community Forums
111: Community Forums
112: Downloads
113: Community Forums
114: Downloads
115: Home
116: Photo Gallery
117: Community Forums
118: Community Forums
119: Community Forums
120: Community Forums
121: Downloads
122: Home
123: Downloads
124: Community Forums
125: Downloads
126: Home
127: Home
128: Home
129: Home
130: Community Forums
131: Community Forums
132: News Archive
133: Community Forums
134: Statistics
135: Photo Gallery
136: Community Forums
137: Community Forums
138: Community Forums
139: Community Forums
140: Photo Gallery
141: Community Forums
142: Photo Gallery
143: Community Forums
144: Community Forums
145: Community Forums
146: Home
147: Photo Gallery
148: Community Forums
149: Photo Gallery
150: Community Forums
151: Community Forums
152: Community Forums
153: Photo Gallery
154: Community Forums
155: Community Forums
156: Community Forums
157: Community Forums
158: Community Forums
159: Home
160: Community Forums
161: Home
162: Member Screenshots
163: Community Forums
164: Community Forums
165: Community Forums
166: Member Screenshots
167: Photo Gallery
168: Community Forums
169: Community Forums
170: Photo Gallery
171: Photo Gallery
172: Community Forums
173: Community Forums
174: Photo Gallery
175: Community Forums
176: Community Forums
177: Community Forums
178: Community Forums
179: Community Forums
180: Community Forums
181: Statistics
182: Statistics
183: Community Forums
184: Photo Gallery
185: Member Screenshots
186: Community Forums
187: Home
188: Community Forums
189: Community Forums
190: Photo Gallery
191: Photo Gallery
192: CPGlang
193: Home
194: Community Forums
195: Community Forums
196: Community Forums
197: Community Forums
198: Home
199: Community Forums
200: Community Forums
201: Community Forums
202: Community Forums
203: Home
204: Community Forums
205: Community Forums
206: Downloads
207: Community Forums
208: Home
209: Downloads
210: Treasury
211: Community Forums
212: Photo Gallery
213: Downloads
214: Community Forums
215: Community Forums
216: Community Forums
217: Community Forums
218: Community Forums
219: Community Forums
220: Photo Gallery
221: Community Forums
222: Photo Gallery
223: Community Forums
224: Community Forums
225: Community Forums
226: Community Forums
227: Community Forums
228: Photo Gallery
229: Community Forums
230: Photo Gallery
231: Home
232: Community Forums
233: Community Forums
234: Community Forums
235: Photo Gallery
236: Community Forums
237: Community Forums
238: Community Forums
239: Member Screenshots
240: Photo Gallery
241: Community Forums
242: Community Forums
243: Community Forums
244: Downloads
245: Community Forums
246: Community Forums
247: Community Forums
248: Community Forums
249: Community Forums
250: Photo Gallery
251: Community Forums
252: Community Forums
253: Community Forums
254: Community Forums
255: Community Forums
256: Community Forums
257: Community Forums
258: Community Forums
259: News
260: Community Forums
261: Community Forums
262: Community Forums
263: Community Forums
264: Photo Gallery
265: Community Forums
266: Community Forums
267: Community Forums
268: Community Forums
269: Home
270: Community Forums
271: Community Forums
272: Community Forums
273: Community Forums
274: Community Forums
275: Community Forums
276: Home
277: Community Forums
278: Home
279: Community Forums
280: Photo Gallery
281: Community Forums
282: Community Forums
283: Photo Gallery
284: Community Forums
285: Community Forums
286: Community Forums
287: Photo Gallery
288: Home
289: Community Forums
290: Community Forums
291: Photo Gallery
292: Community Forums
293: Community Forums
294: Community Forums
295: Community Forums
296: Downloads
297: Home
298: Home
299: Community Forums
300: Community Forums
301: Community Forums
302: Community Forums
303: Community Forums
304: Community Forums
305: Community Forums
306: Community Forums
307: Photo Gallery
308: Your Account
309: Statistics
310: Community Forums
311: Community Forums
312: Community Forums
313: Community Forums
314: Community Forums
315: Community Forums
316: Community Forums
317: Community Forums
318: Home
319: Community Forums
320: Photo Gallery
321: Community Forums
322: Community Forums
323: Community Forums
324: Home
325: Home
326: Community Forums
327: Community Forums
328: Community Forums
329: Your Account
330: Community Forums
331: Community Forums
332: Photo Gallery
333: Your Account
334: CPGlang
335: Community Forums
336: Community Forums
337: Community Forums
338: Community Forums
339: Community Forums
340: Community Forums
341: Community Forums
342: Community Forums
343: Community Forums
344: Home
345: Photo Gallery
346: Community Forums
347: Community Forums
348: Community Forums
349: Community Forums
350: Home
351: Photo Gallery
352: Photo Gallery
353: Photo Gallery
354: Community Forums
355: Community Forums
356: Community Forums
357: Community Forums
358: Community Forums
359: Your Account
360: Community Forums
361: Downloads
362: Community Forums
363: Community Forums
364: Community Forums
365: Downloads
366: Photo Gallery
367: Community Forums
368: Community Forums
369: Photo Gallery
370: Community Forums
371: Community Forums
372: Community Forums
373: Community Forums
374: Photo Gallery
375: Community Forums
376: Photo Gallery
377: Community Forums
378: Photo Gallery
379: Community Forums
380: Community Forums
381: Community Forums
382: Home
383: Photo Gallery
384: Community Forums
385: Community Forums
386: Community Forums
387: Photo Gallery
388: Community Forums
389: Photo Gallery
390: Community Forums
391: Photo Gallery
392: Home
393: News
394: Community Forums
395: Community Forums
396: Photo Gallery
397: Community Forums
398: Community Forums
399: Photo Gallery
400: Photo Gallery
401: Community Forums
402: Community Forums
403: Home
404: Community Forums
405: Community Forums
406: Community Forums
407: Community Forums
408: Community Forums
409: Statistics
410: Photo Gallery
411: Community Forums
412: Community Forums
413: Community Forums
414: Community Forums
415: Community Forums
416: Photo Gallery
417: Community Forums
418: Home
419: News Archive
420: Community Forums
421: Downloads
422: Community Forums
423: Photo Gallery
424: Community Forums
425: Community Forums
426: Member Screenshots
427: Community Forums
428: Downloads
429: Community Forums
430: Photo Gallery
431: Home
432: Photo Gallery
433: Photo Gallery
434: Community Forums
435: Photo Gallery
436: Home
437: Photo Gallery
438: Community Forums
439: Photo Gallery
440: Community Forums
441: CPGlang
442: Community Forums
443: Community Forums
444: Community Forums
445: Community Forums
446: Home
447: Your Account
448: Community Forums
449: Home
450: Community Forums
451: Downloads
452: Community Forums
453: Member Screenshots
454: Community Forums
455: Community Forums
456: Photo Gallery
457: Community Forums
458: Your Account
459: Community Forums
460: Community Forums
461: Community Forums
462: Community Forums
463: Community Forums
464: Community Forums
465: Photo Gallery
466: Your Account
467: Community Forums
468: CPGlang
469: Community Forums
470: Home
471: Downloads
472: Community Forums
473: Community Forums
474: Community Forums
475: Community Forums
476: Community Forums
477: Photo Gallery
478: Downloads
479: Community Forums
480: Member Screenshots
481: Photo Gallery
482: Community Forums
483: Home
484: Photo Gallery
485: Community Forums
486: Community Forums
487: Community Forums
488: Photo Gallery
489: Community Forums
490: Photo Gallery
491: Community Forums
492: Community Forums
493: Community Forums
494: Community Forums
495: Downloads
496: CPGlang
497: Photo Gallery
498: Photo Gallery
499: Photo Gallery
500: Home
501: Home
502: Photo Gallery
503: Home
504: Home
505: Community Forums
506: Home
507: Community Forums
508: Community Forums
509: Photo Gallery
510: Home
511: Community Forums
512: Community Forums
513: Community Forums
514: Community Forums
515: Community Forums
516: Community Forums
517: Photo Gallery
518: Community Forums
519: Community Forums
520: Community Forums
521: Photo Gallery
522: Community Forums
523: Photo Gallery
524: Community Forums
525: Community Forums
526: Community Forums
527: Community Forums
528: Your Account
529: News Archive
530: Photo Gallery
531: Home
532: Community Forums
533: Home
534: Home
535: Community Forums
536: CPGlang
537: Photo Gallery
538: Photo Gallery
539: Community Forums
540: Photo Gallery
541: Downloads
542: Community Forums
543: Home
544: Community Forums
545: Community Forums
546: Community Forums
547: Community Forums
548: Community Forums
549: Community Forums
550: CPGlang
551: Community Forums
552: Community Forums
553: Community Forums
554: Home
555: Downloads
556: Community Forums
557: Photo Gallery
558: Community Forums
559: Community Forums
560: Community Forums
561: Community Forums
562: Photo Gallery
563: Community Forums
564: Community Forums
565: Community Forums
566: Photo Gallery
567: Downloads
568: Community Forums
569: Community Forums
570: Community Forums

Staff Online:

No staff members are online!
This looks like a bad one! :: Archived
Resolve issues with your computer problems here or read about the latest computer parts and information.
Post new topic    Revive this topic    Printer Friendly Page     Forum Index ›  Hardware

Topic Archived View previous topic :: View next topic  
Author Message
JG300-Ascout
Power User

Offline Offline
Joined: Jan 05, 2005
Posts: 6257
Location: Cyberspace
PostPosted: Sun Jan 01, 2006 5:53 pm
Post subject: This looks like a bad one!

www.foxnews.com/story/...44,00.html

Advice on impementing the fix from y'all?
__________________________________________________________
'Extremely Critical Flaw' in Windows Discovered, Already Exploited
Friday, December 30, 2005
By Lisa Vaas




Microsoft Corp. has issued a security advisory for what Secunia is deeming an "extremely critical flaw" in Windows Metafile Format (.wmf) that is now being exploited on fully patched systems by malicious attackers.
Websense Security Labs is tracking thousands of sites distributing the exploit code from a site called iFrameCASH BUSINESS.
That site and numerous others are distributing spyware and other unwanted software, replacing users' desktop backgrounds with a message that warns of spyware infection and which prompts the user to enter credit card information to pay for a "spyware cleaning" application to remove the detected spyware.
Vulnerable operating systems include a slew of Windows Server 2003 editions: Datacenter Edition, Enterprise Edition, Standard Edition and Web Edition.
Also at risk are Windows XP Home Edition and Windows XP Professional, making both home users and businesses open to attack.
In this fluid attack, researchers have kept up a steady stream of new details about the extent of the exploit's reach, with Google Desktop being the latest reported vector.
F-Secure reported on Wednesday that Google Desktop tries to index image files with the exploit, executing it in the process. F-Secure reports that this exploitation-via-indexing may wind up occurring with other desktop search engines as well.
(Story continues below)


Google had no immediate comment. To avoid the problem, security experts suggest disabling the feature's indexing of media files, or to remove Google Desktop altogether.
A workaround called REGSVR32 has been posted and was included in Microsoft's advisory. However, it should be noted that as of Thursday evening, some security researchers were reporting that the workaround is not fully successful.
The workaround is as follows, as quoted from the advisory:
Un-register the Windows Picture and Fax Viewer (Shimgvw.dll)
1. Click Start, click Run, type "regsvr32 -u %windir%system32shimgvw.dll" (without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded.
� Click OK to close the dialog box.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.
To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with "regsvr32 %windir%system32shimgvw.dll" (without the quotation marks).
F-Secure notes that this workaround beats filtering .wmf files, given that files with other image extensions � such as BMP, GIF, JPG, JPEG, TIFF, etc. � can be used to exploit machines.
F-Secure also recommends filtering domains at corporate firewalls. These sites should be listed as off-limits:
toolbarbiz.business
toolbarsite.biz
toolbartraff.biz
toolbarurl.biz
buytoolbar.biz
buytraff.biz
iframebiz.biz
iframecash.biz
iframesite.biz
iframetraff.biz
iframeurl.business
F-Secure notes that it's seen 57 versions of this malicious .wmf file exploit as of Thursday, detected as PFV-Exploit.
The security firm is predicting that, even though the exploit has only been used to install spyware or fake antispyware/antivirus software thus far, it anticipates that real viruses will start to spread soon.
According to the Sunbelt Software blog, "any application that automatically displays a WMF image" can be a vector for infection, including older versions of Firefox, current versions of Opera, Outlook and all current versions of Internet Explorer on all Windows versions.
"This is a zero-day exploit, the kind that give security researchers cold chills," according to Sunbelt's blog. "You can get infected by simply viewing an infected WMF image."
According to F-Secure, Trojan downloaders are taking advantage of the vulnerability to install Trojan-Downloader.Win32.Agent.abs, Trojan-Dropper.Win32.Small.zp, Trojan.Win32.Small.ga and Trojan.Win32.Small.ev.
F-Secure also reports that some of the Trojans install hoax anti-malware programs such as Avgold.
F-Secure traced the exploit to Russian sites, one of which is allegedly registered to former Soviet Union President Mikhail Gorbachev.
Sunbelt warns that users are likely to get infected by being directed to one of the sites via spam that offer dirty pictures, free software or other bait.
The attack works by tricking users into opening malicious ".wmf" files in "Windows Picture and Fax Viewer" or by previewing such a file by selecting it in Windows Explorer. The attack can also be triggered automatically when visiting malicious Web sites via Internet Explorer.
Although Secunia deemed the flaw highly critical, at least one security researcher was dismissive of the bug's severity.
Pete Lindstrom, research director for Spire Security LLC, said that at this stage in the game, anything that requires user interaction is hardly worth notice.
"There's no such thing as 'extremely critical' when user interaction is required," Lindstrom said. "That's just silly."
But as far as using IE goes, download of malicious software is automatic, happening immediately upon going to the site, pointed out Alex Eckelberry, president of Sunbelt Software.
"There is no user interaction required," he wrote in an e-mail exchange. "You hit the Web site, you get hit immediately. No prompts, nothing."
John Pescatore, an analyst with Gartner Inc., said that this type of attack may be slowed down by requiring users to click on a malicious .wmf file or to go to a malicious Web site, but that doesn't mean it won't spread fast, given users' willingness to click on bait.
"One of these [attacks] where clicking on a URL [is involved], those can spread pretty fast," he said, given users' proclivity to click away.
"We do online consumer studies. Two years ago, 30 percent had fallen for phishing [schemes]. They entered their user name, password or credit card information. This year, many fewer completely fell for them, but they still clicked on the link in the phishing e-mail."
Given the rise of keystroke loggers that can automatically be downloaded onto a user's system after the user visits a malicious site, that means the Web-surfing population is still ripe for phishing, Pescatore said.
"They're still clicking on links, and whenever malicious software gets installed, that's when you get a critical rating, because all sorts of bad things can happen."
According to Secunia, the vulnerability is caused by an error in handling corrupted .wmf files � a graphics file format used to exchange graphics information between Microsoft Windows applications that can hold vector and bit-mapped images.
Secunia confirmed the vulnerability on a fully patched system running Windows XP SP2. The advisory said that Windows Server 2003 SP0 and SP1 systems have also reportedly been affected.
A Microsoft spokesman told eWEEK in an e-mail exchange on Wednesday that Microsoft "is investigating new public reports of a possible vulnerability in Windows," although he didn't give an ETA for a patch.
"Microsoft will continue to investigate the public reports to help provide additional guidance for customers," he said. "Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a fix through our monthly release process or issuing a security advisory, depending on customer needs."
The spokesman went on to encourage customers to follow Microsoft's Protect Your PC guidelines of enabling a firewall, getting software updates and installing anti-virus software.
Customers who think they've been affected can also contact Product Support Services, which is at 1-866-PCSAFETY in North America or at support.microsoft.com/security for outside North America.
Microsoft also advises customers who think they've been attacked to contact their local FBI office or to post the incident on www.ifccfbi.gov. Customers outside the United States should contact the national law enforcement agency in their country, the spokesman said.
The advisory issued by Microsoft later on Wednesday said that Microsoft is aware of the code, which allows an attacker "to execute arbitrary code in the security context of the logged-on user, when such user is visiting a Web site that contains a specially crafted Windows Metafile (WMF) image."
Microsoft's advisory echoed Lindstrom's take, however, stating that attackers have "no way to force users to visit a malicious Web site."
Instead, the advisory continued, attackers have to persuade users to visit the sites, "typically by getting them to click a link that takes them to the attacker's Web site."
The advisory said that Microsoft would either be issuing a patch through its monthly release process or would provide an out-of-cycle security update, "depending on customer needs."
Microsoft's spokesman declined to state how many customers had reported that they had been victimized by the attack.
Secunia advised that users avoid opening or previewing untrusted .wmf files, as well as set security level to "High" in IE.
Lindstrom noted that the long-term answer to dealing with what he called this type of "flotsam and jetsam" of constant security alerts is to install host intrusion prevention software to designate what software is allowed to run on a system and what it's allowed to do.
As far as the short-term response to this particular vulnerability goes, Lindstrom echoed Secunia's advisory when it comes to untrusted files: "Don't click on it," he said.
Editor's Note: This story was updated to include Microsoft's statement, more on the recommended workaround and more details about the exploit from Sunbelt and F-Secure.

_________________
"All facts go to clearly prove that Shades is a thrice-cursed traitor & mentally deranged person steeped in inveterate enmity toward mankind"
Back to top
View user's profile Photo Gallery
Shadow_Bshwackr
Janitor

Offline Offline
Joined: Jan 21, 2005
Posts: 7015
Location: Central Illinois, USA
PostPosted: Wed Jan 04, 2006 11:51 am
Post subject: Re: This looks like a bad one!

Thanks for the heads up on this one Ascout! I don't know about anyone else, but I like and use WMP quite often... Wink
Back to top
View user's profile Visit poster's website Photo Gallery
Display posts from previous:   
Post new topic    Revive this topic    Printer Friendly Page    Forum Index ›  Hardware
Page 1 of 1
All times are GMT - 6 Hours

Archive Revive
Username:
This is an archived topic - your reply will not be appended here.
Instead, a new topic will be generated in the active forum.
The new topic will provide a reference link to this archived topic.