- Joined
- Jan 25, 2004
- Messages
- 1,049
- Reaction score
- 4
"Huge virus threat rocks Microsoft
Report says a newly discovered flaw could expose hundreds of millions of Windows PCs to virus.
January 3, 2006: 11:08 AM EST
NEW YORK (CNNMoney.) - The new year is off to a rocky start at Microsoft, where security experts are scrambling to confront a potentially massive virus threat to Windows PCs.
According to a report Tuesday in the Financial Times, the latest vulnerability involves a flaw which allows hackers to infect computers using programs inserted into image files. The threat was discovered last week. But it mushroomed over the weekend, when a group of hackers published the source code they used to exploit the flaw.
What makes this threat particularly vicious, according to the Times, is that unwitting victims can infect their computers simply by viewing a web page, e-mail, or instant message that includes a contaminated image. That differs from most virus attacks, which require a user to actually download an infected file.
"The potential [security threat] is huge," Mikko Hypponen, chief research officer at F-Secure, an antivirus company, told the Times. "It's probably bigger than for any other vulnerability we've seen.
"Any version of Windows is vulnerable right now," said Mr. Hypponen, including every Windows system shipped since 1990.
Microsoft (Research) said in a security bulletin on its Web site, "we are working closely with our antivirus partners and aiding law enforcement in its investigation."
The infected files are saved in the Windows Metafile (WMF) format, but can be labeled as standard JPEG and GIF files, the most common type of images found in webpages and e-mails. The hackers use the entry point to install hidden programs that can launch pop-up ads or steal passwords and other sensitive information.
Schmugar says that while the threat is very real, it's contained up to now by the fact that only a small group of websites, well off the beaten path of most surfers, contain the malicious code. "The chances of you going to one of these sites is pretty low," he says, adding, "We're not aware of a mass spamming of this exploit at this time." Still, he cautions, anything could happen. "We'll just have to wait and see."
The flaw will actually install ON ITS OWN if you are using Internet Explorer. That's why it's such a critical flaw.
If you are using FireFox you get a popup asking you if you want to run the script found in the image file.
It's still possible to be infected with FireFox too, you just have to click an "ok" button for it to happen.
So yey dont run the script thing and switch to firefox..if you havent you suck
Report says a newly discovered flaw could expose hundreds of millions of Windows PCs to virus.
January 3, 2006: 11:08 AM EST
NEW YORK (CNNMoney.) - The new year is off to a rocky start at Microsoft, where security experts are scrambling to confront a potentially massive virus threat to Windows PCs.
According to a report Tuesday in the Financial Times, the latest vulnerability involves a flaw which allows hackers to infect computers using programs inserted into image files. The threat was discovered last week. But it mushroomed over the weekend, when a group of hackers published the source code they used to exploit the flaw.
What makes this threat particularly vicious, according to the Times, is that unwitting victims can infect their computers simply by viewing a web page, e-mail, or instant message that includes a contaminated image. That differs from most virus attacks, which require a user to actually download an infected file.
"The potential [security threat] is huge," Mikko Hypponen, chief research officer at F-Secure, an antivirus company, told the Times. "It's probably bigger than for any other vulnerability we've seen.
"Any version of Windows is vulnerable right now," said Mr. Hypponen, including every Windows system shipped since 1990.
Microsoft (Research) said in a security bulletin on its Web site, "we are working closely with our antivirus partners and aiding law enforcement in its investigation."
The infected files are saved in the Windows Metafile (WMF) format, but can be labeled as standard JPEG and GIF files, the most common type of images found in webpages and e-mails. The hackers use the entry point to install hidden programs that can launch pop-up ads or steal passwords and other sensitive information.
Schmugar says that while the threat is very real, it's contained up to now by the fact that only a small group of websites, well off the beaten path of most surfers, contain the malicious code. "The chances of you going to one of these sites is pretty low," he says, adding, "We're not aware of a mass spamming of this exploit at this time." Still, he cautions, anything could happen. "We'll just have to wait and see."
The flaw will actually install ON ITS OWN if you are using Internet Explorer. That's why it's such a critical flaw.
If you are using FireFox you get a popup asking you if you want to run the script found in the image file.
It's still possible to be infected with FireFox too, you just have to click an "ok" button for it to happen.
So yey dont run the script thing and switch to firefox..if you havent you suck