nobsMailing List
Sign up for our free monthly e-newsletter.
nobsNetwork
Nobs Network Forum Nobs Invest - Nobs Investment Community Nobs Forex Blog Forex for Beginner
nobsPopular Entries
Jan 20th 2006
I am going to post this on my forum next. While surfing today, there wore a few weird .wmf files that tried to load. I don’t know which surf rotation it was in, because I was running a couple simultaneously. There is no reason to load programs of any kind while you are surfing. If it is not something that you were trying to download, DON’T OPEN IT. New exploits are coming out all of the time. You don’t need to be the one to discover, “oh they managed to hide a virus in that.”
Popularity: 1% [?]
Hi all,
I’ve just checked out some info on the wmf files which are used in windows often to generate images, microsoft just released a patch last week because there was sufficient concern about vulnerabilities with wmf files.
I just copied this section from one website and there is another couple of addresses at the bottom with related info if you want to check them out.
The WMF vulnerability uses images (WMF images) to execute arbitrary code. It will execute just by viewing the image. In most cases, you don’t have click anything. Even images stored on your system may cause the exploit to be triggered if it is indexed by some indexing software. Viewing a directory in Explorer with ‘Icon size’ images will cause the exploit to be triggered as well. Microsoft initially announced that an official patch would not be available before January 10th 2006 (next regular update cycle). But they did release a patch out of cycle earlier.
* Is it better to use Firefox or Internet Explorer?
Internet Explorer will view the image and trigger the exploit without warning. New versions of Firefox will prompt you before opening the image. However, in most environments this offers little protection given that these are images and are thus considered ’safe’.
* What versions of Windows are affected?
Windows XP, (SP1 and SP2), Windows 2003 are affected by the currently circulating exploits. Other versions may be affected to some extent. Mac OS-X, Unix or BSD is not affected.
Two more sites talking about this are :
http://it.slashdot.org/article.pl?sid=06/01/10/2230212&from=rss
http://www.f-secure.com/weblog/archives/archive-122005.html
The second site is talking about something a lot dreaded, the apparent infection of a worm found in images although this is secondhand info it is cause for concern.
I myself use mozilla firefox browser which I believe to be the most secure browser for autosurfing but I also have avast virus detector running and spywareguard both are free and are great, you can also run zonealarm with these two applications as well which is also free, I’ve never had a problem (yet).
Tony
Hey Tony, your comment definitely deserves a post to warn other people around about the wmf exploit.
After your previous warning, I’ve scanned and checked my PC. To my horror, I’ve like about 4 - 5 malware, most probably from the IE autosurfing. Even Norman didn’t help much.
Straight after I cloned back my original status of my PC, deleted away most of the IE buttons and use Firefox.
Guess what? I’m a happy user and encourage all to switch today.
I find using Avast combined with Spyware Doctor to be an excellent combination.
Also recently, i use another account on the desktop i regularly use to surf.
Basically what i do is create a new user with lowest level of security and use that account to surf. I noticed that because of limited permissions, almost nothing can be installed without the admin account. Add this with Avast and Spyware Doctor, your system is really safe.
Avast managed to detect the WMF exploit and block it everytime.
Also helps to have a good hardware firewall and has the OS updated.
Oh great suggestion! Limited account! blackdragon, are you registered with our blog yet? You should post some entries sometimes! Darn.