±Recent Visitors

Recent Visitors to Com-Central!

±User Info-big


Welcome Anonymous

Nickname
Password

Membership:
Latest: cgsimpson
New Today: 0
New Yesterday: 0
Overall: 6645

People Online:
Members: 0
Visitors: 659
Total: 659
Who Is Where:
 Visitors:
01: Community Forums
02: Photo Gallery
03: Downloads
04: Home
05: Community Forums
06: News Archive
07: Photo Gallery
08: Downloads
09: Community Forums
10: Community Forums
11: Community Forums
12: Community Forums
13: Community Forums
14: Photo Gallery
15: Community Forums
16: Community Forums
17: Community Forums
18: Community Forums
19: Community Forums
20: Community Forums
21: Community Forums
22: Your Account
23: Photo Gallery
24: Home
25: Photo Gallery
26: Community Forums
27: Community Forums
28: Community Forums
29: News Archive
30: Photo Gallery
31: Downloads
32: Home
33: Your Account
34: Community Forums
35: Home
36: Community Forums
37: Community Forums
38: Community Forums
39: Community Forums
40: Home
41: Community Forums
42: Community Forums
43: CPGlang
44: Community Forums
45: Community Forums
46: Community Forums
47: Community Forums
48: Home
49: Member Screenshots
50: CPGlang
51: Home
52: Community Forums
53: Community Forums
54: Community Forums
55: Home
56: Your Account
57: Home
58: Community Forums
59: Photo Gallery
60: Your Account
61: Community Forums
62: Home
63: Community Forums
64: Home
65: Photo Gallery
66: Downloads
67: Photo Gallery
68: Community Forums
69: Home
70: Community Forums
71: Community Forums
72: Community Forums
73: Home
74: Photo Gallery
75: Photo Gallery
76: Community Forums
77: Home
78: Community Forums
79: Home
80: Community Forums
81: Photo Gallery
82: Photo Gallery
83: Home
84: Community Forums
85: CPGlang
86: Community Forums
87: Statistics
88: Community Forums
89: Home
90: Home
91: Community Forums
92: Community Forums
93: Photo Gallery
94: Community Forums
95: Community Forums
96: CPGlang
97: Community Forums
98: Community Forums
99: Community Forums
100: Community Forums
101: Photo Gallery
102: Community Forums
103: Community Forums
104: Community Forums
105: Photo Gallery
106: Community Forums
107: Community Forums
108: Home
109: Community Forums
110: Community Forums
111: Home
112: Your Account
113: Home
114: Community Forums
115: Your Account
116: Community Forums
117: Community Forums
118: Photo Gallery
119: Community Forums
120: Community Forums
121: CPGlang
122: Community Forums
123: Photo Gallery
124: Home
125: News Archive
126: Home
127: Community Forums
128: Home
129: Community Forums
130: Community Forums
131: Community Forums
132: Community Forums
133: CPGlang
134: Photo Gallery
135: Photo Gallery
136: Home
137: Community Forums
138: Home
139: Home
140: Community Forums
141: Community Forums
142: Your Account
143: Downloads
144: Community Forums
145: Your Account
146: Community Forums
147: Community Forums
148: Community Forums
149: Photo Gallery
150: Community Forums
151: Home
152: Photo Gallery
153: Home
154: Community Forums
155: Community Forums
156: Community Forums
157: Community Forums
158: Home
159: CPGlang
160: Photo Gallery
161: Community Forums
162: Community Forums
163: Community Forums
164: Community Forums
165: Community Forums
166: Community Forums
167: Community Forums
168: Home
169: Member Screenshots
170: Community Forums
171: Community Forums
172: Community Forums
173: Photo Gallery
174: Community Forums
175: Photo Gallery
176: Home
177: Community Forums
178: Downloads
179: Home
180: Community Forums
181: Photo Gallery
182: Home
183: Photo Gallery
184: Community Forums
185: Community Forums
186: Community Forums
187: Community Forums
188: Community Forums
189: Home
190: Photo Gallery
191: Your Account
192: Downloads
193: Home
194: Community Forums
195: Photo Gallery
196: Community Forums
197: Home
198: Member Screenshots
199: Home
200: Community Forums
201: Community Forums
202: Community Forums
203: CPGlang
204: Community Forums
205: Community Forums
206: Community Forums
207: Home
208: Community Forums
209: Community Forums
210: Home
211: Community Forums
212: Community Forums
213: Downloads
214: Photo Gallery
215: Community Forums
216: Community Forums
217: Community Forums
218: Downloads
219: Photo Gallery
220: Community Forums
221: Home
222: Home
223: Photo Gallery
224: Photo Gallery
225: CPGlang
226: Home
227: Photo Gallery
228: Community Forums
229: Photo Gallery
230: Community Forums
231: Home
232: Community Forums
233: Photo Gallery
234: Photo Gallery
235: Home
236: Photo Gallery
237: Community Forums
238: Home
239: Community Forums
240: Community Forums
241: Photo Gallery
242: Community Forums
243: Community Forums
244: Community Forums
245: Community Forums
246: Photo Gallery
247: Photo Gallery
248: Community Forums
249: Downloads
250: Photo Gallery
251: Community Forums
252: Home
253: Community Forums
254: Community Forums
255: Community Forums
256: Photo Gallery
257: Community Forums
258: Home
259: Community Forums
260: Community Forums
261: Community Forums
262: Photo Gallery
263: Community Forums
264: Photo Gallery
265: Community Forums
266: Community Forums
267: Member Screenshots
268: Community Forums
269: Community Forums
270: Community Forums
271: Community Forums
272: Community Forums
273: Community Forums
274: Home
275: Home
276: Community Forums
277: Community Forums
278: Community Forums
279: Home
280: Home
281: Community Forums
282: Home
283: Photo Gallery
284: CPGlang
285: Member Screenshots
286: Home
287: Home
288: Community Forums
289: Community Forums
290: Photo Gallery
291: Community Forums
292: Downloads
293: Home
294: Community Forums
295: Home
296: Community Forums
297: Photo Gallery
298: Downloads
299: CPGlang
300: Home
301: Community Forums
302: Home
303: Downloads
304: Community Forums
305: Community Forums
306: Home
307: Community Forums
308: Photo Gallery
309: CPGlang
310: Community Forums
311: Community Forums
312: Community Forums
313: Community Forums
314: Community Forums
315: Home
316: Community Forums
317: Downloads
318: CPGlang
319: Downloads
320: Community Forums
321: Community Forums
322: Home
323: Home
324: Community Forums
325: Community Forums
326: Photo Gallery
327: Home
328: Photo Gallery
329: Community Forums
330: Photo Gallery
331: Photo Gallery
332: Community Forums
333: Downloads
334: Community Forums
335: Downloads
336: Downloads
337: Home
338: Community Forums
339: Community Forums
340: Community Forums
341: Photo Gallery
342: Community Forums
343: Community Forums
344: Home
345: Home
346: Community Forums
347: Community Forums
348: Community Forums
349: Member Screenshots
350: Photo Gallery
351: Photo Gallery
352: News
353: Community Forums
354: Community Forums
355: Community Forums
356: Home
357: Community Forums
358: Your Account
359: Photo Gallery
360: Community Forums
361: Downloads
362: Home
363: Home
364: Home
365: Downloads
366: Community Forums
367: CPGlang
368: Community Forums
369: Photo Gallery
370: News
371: Community Forums
372: Photo Gallery
373: Community Forums
374: Home
375: Community Forums
376: Community Forums
377: Community Forums
378: Community Forums
379: Community Forums
380: Home
381: Community Forums
382: Photo Gallery
383: CPGlang
384: Community Forums
385: Community Forums
386: Community Forums
387: Home
388: Community Forums
389: Community Forums
390: Home
391: Community Forums
392: Community Forums
393: Community Forums
394: Community Forums
395: Community Forums
396: CPGlang
397: Community Forums
398: Community Forums
399: Community Forums
400: Downloads
401: Community Forums
402: Community Forums
403: Community Forums
404: Community Forums
405: Community Forums
406: Community Forums
407: Community Forums
408: Home
409: Community Forums
410: Community Forums
411: Community Forums
412: Photo Gallery
413: Home
414: Community Forums
415: Home
416: Photo Gallery
417: Community Forums
418: Home
419: Photo Gallery
420: CPGlang
421: Photo Gallery
422: Community Forums
423: Community Forums
424: Community Forums
425: Downloads
426: Community Forums
427: Community Forums
428: Community Forums
429: Photo Gallery
430: Home
431: Home
432: Community Forums
433: Community Forums
434: Community Forums
435: Community Forums
436: Community Forums
437: Home
438: Home
439: Community Forums
440: Photo Gallery
441: CPGlang
442: Community Forums
443: Community Forums
444: Home
445: Community Forums
446: Member Screenshots
447: Home
448: Community Forums
449: Community Forums
450: Home
451: Home
452: Community Forums
453: Community Forums
454: Community Forums
455: Community Forums
456: Community Forums
457: Community Forums
458: Community Forums
459: Community Forums
460: Community Forums
461: Community Forums
462: Community Forums
463: Photo Gallery
464: Photo Gallery
465: Community Forums
466: CPGlang
467: Photo Gallery
468: Photo Gallery
469: Community Forums
470: Home
471: Community Forums
472: Community Forums
473: Community Forums
474: Community Forums
475: Home
476: Your Account
477: Home
478: Community Forums
479: Community Forums
480: Home
481: Photo Gallery
482: Community Forums
483: Photo Gallery
484: Community Forums
485: Photo Gallery
486: Community Forums
487: Home
488: Photo Gallery
489: Your Account
490: Photo Gallery
491: Community Forums
492: Community Forums
493: Photo Gallery
494: Community Forums
495: Member Screenshots
496: Community Forums
497: Community Forums
498: Photo Gallery
499: Community Forums
500: Home
501: Community Forums
502: Community Forums
503: Community Forums
504: Photo Gallery
505: Community Forums
506: Downloads
507: Community Forums
508: Community Forums
509: Community Forums
510: CPGlang
511: Downloads
512: Community Forums
513: Community Forums
514: Community Forums
515: Photo Gallery
516: Community Forums
517: Statistics
518: Photo Gallery
519: Community Forums
520: CPGlang
521: Community Forums
522: Home
523: Photo Gallery
524: Home
525: Community Forums
526: Community Forums
527: Community Forums
528: Community Forums
529: Community Forums
530: Community Forums
531: Community Forums
532: Member Screenshots
533: Photo Gallery
534: Community Forums
535: Community Forums
536: Community Forums
537: Downloads
538: Community Forums
539: Community Forums
540: Community Forums
541: Home
542: Community Forums
543: Photo Gallery
544: Community Forums
545: Home
546: Home
547: Your Account
548: Photo Gallery
549: Photo Gallery
550: Community Forums
551: Home
552: Downloads
553: Downloads
554: Photo Gallery
555: Downloads
556: Community Forums
557: Community Forums
558: Community Forums
559: Community Forums
560: Home
561: Community Forums
562: Downloads
563: Community Forums
564: Photo Gallery
565: Community Forums
566: Photo Gallery
567: CPGlang
568: Home
569: Community Forums
570: Community Forums
571: Community Forums
572: Home
573: Downloads
574: Community Forums
575: Community Forums
576: Member Screenshots
577: Community Forums
578: Community Forums
579: Community Forums
580: Community Forums
581: Community Forums
582: Home
583: Community Forums
584: Community Forums
585: Photo Gallery
586: Home
587: CPGlang
588: Photo Gallery
589: Community Forums
590: Photo Gallery
591: Home
592: Community Forums
593: Community Forums
594: Photo Gallery
595: Community Forums
596: Community Forums
597: Home
598: Community Forums
599: CPGlang
600: Community Forums
601: Home
602: Community Forums
603: News
604: Photo Gallery
605: Community Forums
606: Community Forums
607: Community Forums
608: Community Forums
609: Photo Gallery
610: Community Forums
611: Community Forums
612: CPGlang
613: Photo Gallery
614: Home
615: Community Forums
616: Home
617: Downloads
618: Community Forums
619: Home
620: Community Forums
621: Home
622: Downloads
623: Downloads
624: Community Forums
625: Statistics
626: Community Forums
627: Home
628: Community Forums
629: Your Account
630: Community Forums
631: Community Forums
632: Home
633: Community Forums
634: Community Forums
635: Community Forums
636: News Archive
637: Home
638: Community Forums
639: Community Forums
640: Photo Gallery
641: Community Forums
642: Photo Gallery
643: Home
644: Downloads
645: Community Forums
646: Community Forums
647: Community Forums
648: Statistics
649: Community Forums
650: Community Forums
651: Community Forums
652: Downloads
653: Photo Gallery
654: Community Forums
655: Community Forums
656: Community Forums
657: Photo Gallery
658: Community Forums
659: Home

Staff Online:

No staff members are online!
This looks like a bad one! :: Archived
Resolve issues with your computer problems here or read about the latest computer parts and information.
Post new topic    Revive this topic    Printer Friendly Page     Forum Index ›  Hardware

Topic Archived View previous topic :: View next topic  
Author Message
JG300-Ascout
Power User

Offline Offline
Joined: Jan 05, 2005
Posts: 6257
Location: Cyberspace
PostPosted: Sun Jan 01, 2006 5:53 pm
Post subject: This looks like a bad one!

www.foxnews.com/story/...44,00.html

Advice on impementing the fix from y'all?
__________________________________________________________
'Extremely Critical Flaw' in Windows Discovered, Already Exploited
Friday, December 30, 2005
By Lisa Vaas




Microsoft Corp. has issued a security advisory for what Secunia is deeming an "extremely critical flaw" in Windows Metafile Format (.wmf) that is now being exploited on fully patched systems by malicious attackers.
Websense Security Labs is tracking thousands of sites distributing the exploit code from a site called iFrameCASH BUSINESS.
That site and numerous others are distributing spyware and other unwanted software, replacing users' desktop backgrounds with a message that warns of spyware infection and which prompts the user to enter credit card information to pay for a "spyware cleaning" application to remove the detected spyware.
Vulnerable operating systems include a slew of Windows Server 2003 editions: Datacenter Edition, Enterprise Edition, Standard Edition and Web Edition.
Also at risk are Windows XP Home Edition and Windows XP Professional, making both home users and businesses open to attack.
In this fluid attack, researchers have kept up a steady stream of new details about the extent of the exploit's reach, with Google Desktop being the latest reported vector.
F-Secure reported on Wednesday that Google Desktop tries to index image files with the exploit, executing it in the process. F-Secure reports that this exploitation-via-indexing may wind up occurring with other desktop search engines as well.
(Story continues below)


Google had no immediate comment. To avoid the problem, security experts suggest disabling the feature's indexing of media files, or to remove Google Desktop altogether.
A workaround called REGSVR32 has been posted and was included in Microsoft's advisory. However, it should be noted that as of Thursday evening, some security researchers were reporting that the workaround is not fully successful.
The workaround is as follows, as quoted from the advisory:
Un-register the Windows Picture and Fax Viewer (Shimgvw.dll)
1. Click Start, click Run, type "regsvr32 -u %windir%system32shimgvw.dll" (without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded.
� Click OK to close the dialog box.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.
To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with "regsvr32 %windir%system32shimgvw.dll" (without the quotation marks).
F-Secure notes that this workaround beats filtering .wmf files, given that files with other image extensions � such as BMP, GIF, JPG, JPEG, TIFF, etc. � can be used to exploit machines.
F-Secure also recommends filtering domains at corporate firewalls. These sites should be listed as off-limits:
toolbarbiz.business
toolbarsite.biz
toolbartraff.biz
toolbarurl.biz
buytoolbar.biz
buytraff.biz
iframebiz.biz
iframecash.biz
iframesite.biz
iframetraff.biz
iframeurl.business
F-Secure notes that it's seen 57 versions of this malicious .wmf file exploit as of Thursday, detected as PFV-Exploit.
The security firm is predicting that, even though the exploit has only been used to install spyware or fake antispyware/antivirus software thus far, it anticipates that real viruses will start to spread soon.
According to the Sunbelt Software blog, "any application that automatically displays a WMF image" can be a vector for infection, including older versions of Firefox, current versions of Opera, Outlook and all current versions of Internet Explorer on all Windows versions.
"This is a zero-day exploit, the kind that give security researchers cold chills," according to Sunbelt's blog. "You can get infected by simply viewing an infected WMF image."
According to F-Secure, Trojan downloaders are taking advantage of the vulnerability to install Trojan-Downloader.Win32.Agent.abs, Trojan-Dropper.Win32.Small.zp, Trojan.Win32.Small.ga and Trojan.Win32.Small.ev.
F-Secure also reports that some of the Trojans install hoax anti-malware programs such as Avgold.
F-Secure traced the exploit to Russian sites, one of which is allegedly registered to former Soviet Union President Mikhail Gorbachev.
Sunbelt warns that users are likely to get infected by being directed to one of the sites via spam that offer dirty pictures, free software or other bait.
The attack works by tricking users into opening malicious ".wmf" files in "Windows Picture and Fax Viewer" or by previewing such a file by selecting it in Windows Explorer. The attack can also be triggered automatically when visiting malicious Web sites via Internet Explorer.
Although Secunia deemed the flaw highly critical, at least one security researcher was dismissive of the bug's severity.
Pete Lindstrom, research director for Spire Security LLC, said that at this stage in the game, anything that requires user interaction is hardly worth notice.
"There's no such thing as 'extremely critical' when user interaction is required," Lindstrom said. "That's just silly."
But as far as using IE goes, download of malicious software is automatic, happening immediately upon going to the site, pointed out Alex Eckelberry, president of Sunbelt Software.
"There is no user interaction required," he wrote in an e-mail exchange. "You hit the Web site, you get hit immediately. No prompts, nothing."
John Pescatore, an analyst with Gartner Inc., said that this type of attack may be slowed down by requiring users to click on a malicious .wmf file or to go to a malicious Web site, but that doesn't mean it won't spread fast, given users' willingness to click on bait.
"One of these [attacks] where clicking on a URL [is involved], those can spread pretty fast," he said, given users' proclivity to click away.
"We do online consumer studies. Two years ago, 30 percent had fallen for phishing [schemes]. They entered their user name, password or credit card information. This year, many fewer completely fell for them, but they still clicked on the link in the phishing e-mail."
Given the rise of keystroke loggers that can automatically be downloaded onto a user's system after the user visits a malicious site, that means the Web-surfing population is still ripe for phishing, Pescatore said.
"They're still clicking on links, and whenever malicious software gets installed, that's when you get a critical rating, because all sorts of bad things can happen."
According to Secunia, the vulnerability is caused by an error in handling corrupted .wmf files � a graphics file format used to exchange graphics information between Microsoft Windows applications that can hold vector and bit-mapped images.
Secunia confirmed the vulnerability on a fully patched system running Windows XP SP2. The advisory said that Windows Server 2003 SP0 and SP1 systems have also reportedly been affected.
A Microsoft spokesman told eWEEK in an e-mail exchange on Wednesday that Microsoft "is investigating new public reports of a possible vulnerability in Windows," although he didn't give an ETA for a patch.
"Microsoft will continue to investigate the public reports to help provide additional guidance for customers," he said. "Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a fix through our monthly release process or issuing a security advisory, depending on customer needs."
The spokesman went on to encourage customers to follow Microsoft's Protect Your PC guidelines of enabling a firewall, getting software updates and installing anti-virus software.
Customers who think they've been affected can also contact Product Support Services, which is at 1-866-PCSAFETY in North America or at support.microsoft.com/security for outside North America.
Microsoft also advises customers who think they've been attacked to contact their local FBI office or to post the incident on www.ifccfbi.gov. Customers outside the United States should contact the national law enforcement agency in their country, the spokesman said.
The advisory issued by Microsoft later on Wednesday said that Microsoft is aware of the code, which allows an attacker "to execute arbitrary code in the security context of the logged-on user, when such user is visiting a Web site that contains a specially crafted Windows Metafile (WMF) image."
Microsoft's advisory echoed Lindstrom's take, however, stating that attackers have "no way to force users to visit a malicious Web site."
Instead, the advisory continued, attackers have to persuade users to visit the sites, "typically by getting them to click a link that takes them to the attacker's Web site."
The advisory said that Microsoft would either be issuing a patch through its monthly release process or would provide an out-of-cycle security update, "depending on customer needs."
Microsoft's spokesman declined to state how many customers had reported that they had been victimized by the attack.
Secunia advised that users avoid opening or previewing untrusted .wmf files, as well as set security level to "High" in IE.
Lindstrom noted that the long-term answer to dealing with what he called this type of "flotsam and jetsam" of constant security alerts is to install host intrusion prevention software to designate what software is allowed to run on a system and what it's allowed to do.
As far as the short-term response to this particular vulnerability goes, Lindstrom echoed Secunia's advisory when it comes to untrusted files: "Don't click on it," he said.
Editor's Note: This story was updated to include Microsoft's statement, more on the recommended workaround and more details about the exploit from Sunbelt and F-Secure.

_________________
"All facts go to clearly prove that Shades is a thrice-cursed traitor & mentally deranged person steeped in inveterate enmity toward mankind"
Back to top
View user's profile Photo Gallery
Shadow_Bshwackr
Janitor

Offline Offline
Joined: Jan 21, 2005
Posts: 7015
Location: Central Illinois, USA
PostPosted: Wed Jan 04, 2006 11:51 am
Post subject: Re: This looks like a bad one!

Thanks for the heads up on this one Ascout! I don't know about anyone else, but I like and use WMP quite often... Wink
Back to top
View user's profile Visit poster's website Photo Gallery
Display posts from previous:   
Post new topic    Revive this topic    Printer Friendly Page    Forum Index ›  Hardware
Page 1 of 1
All times are GMT - 6 Hours

Archive Revive
Username:
This is an archived topic - your reply will not be appended here.
Instead, a new topic will be generated in the active forum.
The new topic will provide a reference link to this archived topic.