Huge virus threat rocks Microsoft

Discussion in 'Off Topic Area' started by Nevada_MO_Guy, Jan 4, 2006.

  1. Nevada_MO_Guy

    Nevada_MO_Guy Missouri_Karate_Guy

    http://money.cnn.com/2006/01/03/technology/windows_virusthreat/index.htm?cnn=yes

    Huge virus threat rocks Microsoft
    Report says a newly discovered flaw could expose hundreds of millions of Windows PCs to virus.
    January 3, 2006: 3:42 PM EST

    NEW YORK (CNNMoney.com) - The new year is off to a rocky start at Microsoft, where security experts are scrambling to confront a potentially massive virus threat to Windows PCs.

    According to a report Tuesday in the Financial Times, the latest vulnerability involves a flaw which allows hackers to infect computers using programs inserted into image files. The threat was discovered last week. But it mushroomed over the weekend, when a group of hackers published the source code they used to exploit the flaw.

    What makes this threat particularly vicious, according to the Times, is that unwitting victims can infect their computers simply by viewing a web page, e-mail, or instant message that includes a contaminated image. That differs from most virus attacks, which require a user to actually download an infected file.

    "The potential [security threat] is huge," Mikko Hypponen, chief research officer at F-Secure, an antivirus company, told the Times. "It's probably bigger than for any other vulnerability we've seen.

    "Any version of Windows is vulnerable right now," said Mr. Hypponen, including every Windows system shipped since 1990.

    Microsoft said a security patch would be available for the problem on Tuesday, January 10 after it has passed rigorous testing procedures.

    Because of the severity of the threat, the SANS Institute, a computer security group, has released a patch for the vulnerability until Microsoft's fix is available next week. It is available here.

    http://isc.sans.org/diary.php?storyid=1010
     
  2. wild_pitch

    wild_pitch Melt The Guns!

    doo.. doo.. doo..

    <me>polishes my nice shiny apple g4.</me>

    thank god macs never get viruses..
     
  3. l1vingd3ad

    l1vingd3ad New Member

    Wish I could afford a mac comp.:'(
     
  4. slipthejab

    slipthejab Hark, a vagrant! Supporter

    I see traffic to porn image sites taking a hit...

    or not. :D
     
  5. Andy2k3

    Andy2k3 New Member

    This is the zero day exploit mentioned in my post. Anyone who can should read about, and use the unofficial patch if possible. Best bet is to start over at pcguide.com (follow the link in my post) and go from there. Or use the link in Nevada_MO_Guy's post to isc.
    It does mean disabling some of the functionality of the graphics capability in Windows, but it's got to be the safest route till MS release an official patch.
     
  6. Nevada_MO_Guy

    Nevada_MO_Guy Missouri_Karate_Guy

    Whoops, didn't know it was called the "zero day exploit" or I would have posted this in Andy2k3's thread.

    Good to know. Like Slipthejab mentioned, it might affect my....ahhh....research, also.
     
  7. Yukimushu

    Yukimushu MMA addict

    Or just click "No" when WMF files try to execute in Firefox? :)
     
  8. Andy2k3

    Andy2k3 New Member

    Unfortunately there's a bit more to it than that - this can be spread via emails as well, and the unofficial patch interrupts the automatic escape sequence which causes the code to execute. Note that if someone chose to open a file in any app, the code would be executed, whether or not the patch has been deployed.
    MS are being extremely stupid about this, stating that there's not much of a problem at the minute. It seems they still can't tell the difference between an exploit and a virus.
    The PDF from SANS also points out that this escape sequence is relied upon by Mozilla for everyday functionality (I'm no programmer, so don't ask for details!)
    so it's no good being complacent because we use better browsers than IE.
    The biggest problem as far as I can see is that this can affect just about every windoze machine on the planet - and we all know that not everyone keeps up with security.
     
  9. geves

    geves Valued Member

    taken from spywareinfo.com WARNING: this is a kind of long post.

    seems like this won't be patched by MS until january 10th. :cry:
    and it could get very big.. VERY fast.

    and yes firefox will not save you. :cry:
     
    Last edited: Jan 4, 2006
  10. geves

    geves Valued Member

    from people in the know. this site seems to be the most informative on the subject of the new virus: http://sunbeltblog.blogspot.com/

    interesting to note in the following blog is the following:

    hope that helps some people calm down about the whole thing. the link i gave at the top of this post is a very informative read. the guy seems to be at the top of his game covering this new outbreak.. and he also gives advice on the new "sober worm" as well.
     
  11. ecosys

    ecosys New Member

    Well if you can't afford a mac (ergo OS change), then there are excellent alternatives that you can use on your PC.

    Anyway, Microsoft's apparent 'laissez-faire' attitude towards patching in the past has hardly been impressive but still, you would think they would issue at least a temporary (to my knowledge they haven't here) fix or issue a patch outwith their usual 'cycle'.
     
  12. Martial Alex

    Martial Alex Valued Member

    what are the symptoms of your computer if it gets infected with this?
     
  13. harhar

    harhar I hate semaphores

    Quick! Repartition your hard drives and install linux (preferably debian for the apt-get)!
     
    Last edited: Jan 5, 2006
  14. geves

    geves Valued Member

    taken from spywareinfo.com

    these are only some of the things that COULD happen. like i said in my above post. there's already 72 KNOWN variants of the virus.

    this info was taken on january 3rd. the virus was discovered on the 27th of december. meaning that 120,000 people WHO USED! McAfee were infected in only 1 week! :eek:

    http://vil.mcafeesecurity.com/vil/content/v_137760.htm has some more info on the virus.

    http://secunia.com/advisories/18255/ also has some good decent info considering the virus.

    the thing i'm confused about is whether or not Millennium Edition is affected (which i run)... some sites say yes while others say no. :confused:
     
