Hi Julea,
I received this today from F-Secure:
[quote]PRESS RELEASE
For release December 30, 2005
Zero-day vulnerability in Windows still unpatched
Hundreds of millions of PCs still at risk; F-Secure able to stop the
malicious files
December 30, 2005
The zero-day vulnerability related to Windows' WMF files first reported on
December 27 is still unpatched by Microsoft. At that time Trojan downloaders
were seen to actively exploit the vulnerability with fully patched Windows XP
SP2 machines.
Windows metafiles are image files used by popular applications such as
Microsoft Word. So far WMF exploits have been typically used to install
spyware and adware although the threat of virus and worm exploits remains.
Users can be infected simply by visiting a web site with an image file
containing the WMF exploit. Internet Explorer users are at the greatest risk
of automatic infection while Firefox and Opera browser users are prompted
with a question whether they'd like to open the WMF image or not. They get
infected too if they answer 'Yes'.
Microsoft and CERT.ORG issued bulletins on the Windows Metafile vulnerability
and also announced a workaround while Microsoft is creating a patch.
Microsoft confirms that the vulnerability applies to all the main versions
of Windows: Windows ME, Windows 2000, Windows XP and Windows 2003. This means
there are hundreds of millions of vulnerable computers at the moment.
As a precaution, F-Secure recommends administrators to block access to all
WMF files at HTTP proxy and SMTP level. Consumers are also advised to enable
their Windows automatic update system, reject any emails sent to them with
WMF or other dubious-looking attachments and to ensure that their virus
protection is up to date.
F-Secure Anti-Virus detects the offending WMF files with generic detection
either as PFV-Exploit or Exploit.Win32.IMG-WMF.
Speaking about the case, Chief Research Officer at F-Secure, Mikko Hypponen
said: "So far, we've only seen this exploit being used to install spyware or
fake antispyware and antivirus software on the affected machines. I'm afraid
we'll see real viruses using this soon. We've seen 70 different versions of
malicious WMF files so far."
Hypponen pointed out that the WMF exploit has been used with a clear criminal
motivation to install spyware and to dupe ordinary consumers into purchasing
fake security products for their computers:
Until a patch is issued, Hypponen recommended administrators to filter the
following domains at corporate firewalls:
For updates on the WMF vulnerability, please check the F-Secure Viruslab
blog, which broke the news on 28th of December:
http://www.f-secure.com/weblog/
[/quote]
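The press release's advice to block WMF files at the HTTP proxy and SMTP level, sketched as a content check (an added example, not part of the press release or of any F-Secure product): it matches the WMF header bytes rather than the file name, so a metafile attached under another extension is still flagged. The function names and the sample message are constructed for illustration.

```python
import struct
from email import message_from_bytes
from email.message import EmailMessage

PLACEABLE_KEY = 0x9AC6CDD7  # magic value of the optional 22-byte placeable header


def wmf_header_kind(data: bytes):
    """Return 'placeable', 'standard' or None, judging by the leading bytes only."""
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        return "placeable"
    if len(data) >= 18:  # standard metafile header is 18 bytes (9 words)
        ftype, header_words, version = struct.unpack_from("<HHH", data)
        if ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300):
            return "standard"
    return None


def flag_wmf_parts(raw_message: bytes):
    """List (filename, reason) for each MIME part a gateway should quarantine."""
    hits = []
    for part in message_from_bytes(raw_message).walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""
        name = part.get_filename()
        kind = wmf_header_kind(body)
        if kind or (name or "").lower().endswith(".wmf"):
            hits.append((name, kind or "extension-only"))
    return hits


def sample_message() -> bytes:
    """Constructed, harmless sample: a bare WMF header (no records) named photo.jpg."""
    bare_header = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 0, 0)
    msg = EmailMessage()
    msg["Subject"] = "holiday photo"
    msg.set_content("see attached")
    msg.add_attachment(bare_header, maintype="image", subtype="jpeg",
                       filename="photo.jpg")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + b"\x00" * 20, maintype="image",
                       subtype="jpeg", filename="real.jpg")
    return msg.as_bytes()


if __name__ == "__main__":
    print(flag_wmf_parts(sample_message()))
```

The same `wmf_header_kind` check can be applied to the first bytes of an HTTP response body at a proxy, independent of the declared Content-Type.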
The article below was just posted in a tube group (I'm a signature maker) that I'm in. I've been traveling for a few days and don't seem to find anything on this other than this being posted in our group. We were asked not to click on any links or to put any links in our emails in this group. Is anyone aware of this and is it fact or fiction?
Thanks -- Julea
Windows Security Flaw Is 'Severe'
By Brian Krebs
Special to The Washington Post
Friday, December 30, 2005
A previously unknown flaw in Microsoft Corp.'s Windows operating system is leaving computer users vulnerable to spyware, viruses and other programs that could overtake their machines and has sent the company scrambling to come up with a fix.
Microsoft said in a statement yesterday that it is investigating the vulnerability and plans to issue a software patch to fix the problem. The company could not say how soon that patch would be available.
A clerk in Seoul with a box of Microsoft Corp.'s Windows software. Microsoft is trying to repair a flaw in the product. (By Seokyong Lee -- Bloomberg News)
Mike Reavey, operations manager for Microsoft's Security Response Center, called the flaw "a very serious issue."
Security researchers revealed the flaw on Tuesday and posted instructions online that showed how would-be attackers could exploit the flaw. Within hours, computer virus and spyware authors were using the flaw to distribute malicious programs that could allow them to take over and remotely control afflicted computers.
Unlike with previously revealed vulnerabilities, computers can be infected simply by visiting one of the Web sites or viewing an infected image in an e-mail through the preview pane in older versions of Microsoft Outlook, even if users did not click on anything or open any files. Operating system versions ranging from the current Windows XP to Windows 98 are affected.
An estimated 90 percent of personal computers run on Microsoft Windows operating systems. Microsoft has found itself under attack on several instances and has been forced to issue a number of patches to keep computers running Windows safe. Mac and Linux computer users are not at risk with this attack, even if their computers run Microsoft programs such as Office or the Internet Explorer Web browser.
Reavey encouraged users to update their anti-virus software, ensure all Windows security patches are installed, avoid visiting unfamiliar Web sites, and refrain from clicking on links that arrive via e-mail or instant message.
"The problem with this attack is that it is so hard to defend against for the average user," said Johannes Ullrich, chief research officer for the SANS Internet Storm Center in Bethesda.
At first, the vulnerability was exploited by just a few dozen Web sites. Programming code embedded in these pages would install a program that warned victims their machines were infested with spyware, then prompted them to pay $40 to remove the supposed pests.
Since then, however, hundreds of sites have begun using the flaw to install a broad range of malicious software. SANS has received several reports of attackers blasting out spam e-mails containing links that lead to malicious sites exploiting the new flaw, Ullrich said.
Dean Turner, a senior manager at anti-virus firm Symantec Corp. of Cupertino, Calif., said the company has seen the vulnerability exploited to install software that intercepts personal and financial information when users of infected computers enter the data at certain banking or e-commerce sites.
Eric Sites, vice president of research and development for anti-spyware firm Sunbelt Software, said he has spotted spyware being downloaded to a user's machine by online banner advertisements.
"Pretty much all of the spyware guys who normally use other techniques for pushing this stuff down to your machine are now picking this exploit up," Sites said.
Because the vulnerability exists within a faulty Windows component, security experts warn that Windows users who eschew Internet Explorer in favor of alternative Web browsers, such as older versions of Firefox and Opera, can still get their PCs infected if they agree to download a file from a site taking advantage of the flaw.
Richard M. Smith, a Boston security and privacy consultant, said he was particularly worried that the vulnerability could soon be used to power a fast-spreading e-mail worm.
"We could see the mother of all worms here," Smith said. "My big fear is we're going to wake up in the next week or two and have people warning users not to read their e-mail because something is going around that's extremely virulent."
