We hope you enjoy your visit.

You're currently viewing our forum as a guest. This means you are limited to certain areas of the board and there are some features you can't use. If you join our community, you'll be able to access member-only sections, and use many member-only features such as customizing your profile, sending personal messages, and voting in polls. Registration is simple, fast, and completely free.


Join our community!


If you're already a member please log in to your account to access all of our features:

Username:   Password:
Add Reply
  • Pages:
  • 1
Huge Security Risk; mods this should be in announcements
Topic Started: Jan 3 2006, 09:21 PM (1,247 Views)
x_spoonman_X
Runescaper
[ * ]
A new vulnerability has appeared recently that allows dangerous files to be put in image files. Microsoft is currently working to fix this problem - they would not, however, say if they would have the problem fixed by January 10th, 2006. Here are some news items:

http://www.finfacts.com/irelandbusinessnew..._10004361.shtml

http://www.bangkokpost.com/breaking_news/b...ws.php?id=70706

http://www.microsoft.com/technet/security/...ory/912840.mspx
http://abcnews.go.com/Technology/wireStory?id=1466500

http://money.cnn.com/2006/01/03/technology...dex.htm?cnn=yes

Quote:
"Huge virus threat rocks Microsoft
Report says a newly discovered flaw could expose hundreds of millions of Windows PCs to virus.
January 3, 2006: 11:08 AM EST

NEW YORK (CNNMoney.) - The new year is off to a rocky start at Microsoft, where security experts are scrambling to confront a potentially massive virus threat to Windows PCs.

According to a report Tuesday in the Financial Times, the latest vulnerability involves a flaw which allows hackers to infect computers using programs inserted into image files. The threat was discovered last week. But it mushroomed over the weekend, when a group of hackers published the source code they used to exploit the flaw.

What makes this threat particularly vicious, according to the Times, is that unwitting victims can infect their computers simply by viewing a web page, e-mail, or instant message that includes a contaminated image. That differs from most virus attacks, which require a user to actually download an infected file.

"The potential [security threat] is huge," Mikko Hypponen, chief research officer at F-Secure, an antivirus company, told the Times. "It's probably bigger than for any other vulnerability we've seen.

"Any version of Windows is vulnerable right now," said Mr. Hypponen, including every Windows system shipped since 1990.

Microsoft (Research) said in a security bulletin on its Web site, "we are working closely with our antivirus partners and aiding law enforcement in its investigation."


Quote:
The infected files are saved in the Windows Metafile (WMF) format, but can be labeled as standard JPEG and GIF files, the most common type of images found in webpages and e-mails. The hackers use the entry point to install hidden programs that can launch pop-up ads or steal passwords and other sensitive information.

Schmugar says that while the threat is very real, it's contained up to now by the fact that only a small group of websites, well off the beaten path of most surfers, contain the malicious code. "The chances of you going to one of these sites is pretty low," he says, adding, "We're not aware of a mass spamming of this exploit at this time." Still, he cautions, anything could happen. "We'll just have to wait and see."


Quote:
The flaw will actually install ON ITS OWN if you are using Internet Explorer. That's why it's such a critical flaw.

If you are using FireFox you get a popup asking you if you want to run the script found in the image file.

It's still possible to be infected with FireFox too, you just have to click an "ok" button for it to happen.



i suggest you all disable posting of images and avatars and sigs until this risk is resolved. you dont want someone on your forum hacking everyone else.
Offline Profile Quote Post Goto Top
 
Stephen
Member Avatar
Twilight is upon me, and soon night must fall.

Moved to Community Chat
Offline Profile Quote Post Goto Top
 
Quality Poster
Member
[ *  *  * ]
HOLY mullet!

F.Y.I. We have Word filters please do not get around them ;) thanks[/b]

EDIT: Honestly, who says holy mullet....lol
Offline Profile Quote Post Goto Top
 
Pc_loadletter
Member Avatar
empty
[ *  *  *  *  * ]
Sooo.... what do we have to do? That does require such long reading?
Offline Profile Quote Post Goto Top
 
x_spoonman_X
Runescaper
[ * ]
just disable avatars and dont allow image posting until this flaw is fixed. disable images in sigs aswell which im not sure how to do.
Offline Profile Quote Post Goto Top
 
Stephen
Member Avatar
Twilight is upon me, and soon night must fall.

x_spoonman_X
January 3, 2006 09:31 PM
just disable avatars and dont allow image posting until this flaw is fixed. disable images in sigs aswell which im not sure how to do.

Or get firefox and not click ok :P
Offline Profile Quote Post Goto Top
 
Pc_loadletter
Member Avatar
empty
[ *  *  *  *  * ]
x_spoonman_X
January 3, 2006 08:31 PM
just disable avatars and dont allow image posting until this flaw is fixed. disable images in sigs aswell which im not sure how to do.

You could have just posted that.

:rolleyes:
Offline Profile Quote Post Goto Top
 
Toa Lhikan
Member
[ *  * ]
Just don't use IE and if you are really worried, unregister the Windows Picture and Fax Viewer or install the hotfix from SANS. I don't know if the hotfix from SANS works or not, but if you want to use it, go ahead. To unregister Windows Picture and Fax Viewer follow these steps:
Microsoft Security Advisory (912840)
 
To un-register Shimgvw.dll, follow these steps:

1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.

2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.

Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.

To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks).

Microsoft says that they will release a patch on January 10. I believe that using an alternate browser and being careful about what you view is enough to protect your computer.
Offline Profile Quote Post Goto Top
 
volksdevil
Member Avatar
Volkswagen/Audi nutter!
[ *  *  *  * ]
wow :unsure:

ok,how do we totally disable signatures and images on our forums?

thanks.
Offline Profile Quote Post Goto Top
 
Jimi
Member Avatar
LOST
[ *  *  *  *  * ]
Stephen
January 3, 2006 08:33 PM
x_spoonman_X
January 3, 2006 09:31 PM
just disable avatars and dont allow image posting until this flaw is fixed. disable images in sigs aswell which im not sure how to do.

Or get firefox and not click ok :P

Ah yes, this sounds like a good plan. :yes: :jay:
Offline Profile Quote Post Goto Top
 
x_spoonman_X
Runescaper
[ * ]
well yes obviously if your reading this use firefox. but what about the members of your forums that dont. im telling you to remove the images avas and sigs to protect them.

im sure atleast 50% of forums have 1 or more malicious users that may try to use this flaw to their advantage by using an infected image in their avatar or post one.

sure if you read this and use firefox your fine but im sure many of your members will be using ie view that image and get infected. as admins its your duty to protect your members
Offline Profile Quote Post Goto Top
 
.Day
Member Avatar
Look at my sig
[ *  * ]
thanks for posting
Offline Profile Quote Post Goto Top
 
rJay
Member
[ *  *  *  *  *  * ]
rJays not afraid!
Offline Profile Quote Post Goto Top
 
Placeholderplaceholder
Quit
[ *  *  *  *  *  * ]
Hmm sounds serious. Good thing im usin FF!!
Offline Profile Quote Post Goto Top
 
Deltasix
Member Avatar
Me
[ *  *  *  *  *  * ]
Is it the same as this: http://support.invisionfree.com/index.php?...opic=214778&hl=

?
Offline Profile Quote Post Goto Top
 
1 user reading this topic (1 Guest and 0 Anonymous)
Go to Next Page
« Previous Topic · Community Chat · Next Topic »
Add Reply
  • Pages:
  • 1