Tuesday, January 03, 2006

So far we've had a quiet day. That's a good thing.

The bad news? People are working on the next big payload for the .wmf vulnerability right now. (Hopefully they won't be able to release it before the Microsoft patch becomes available.)

How will it arrive? An instant messenger? ... Imagine an image appears in your IM window, perhaps attached as an avatar for someone's profile, and 'bam', you're infected. And guess what: your machine now looks at your entire IM contact list and manages to send the image out to everyone on it. How long would it take to infect millions of machines with IM? How about email? One email message sent to someone with the "Preview" pane turned on and, once again, you're hit. And, of course, Outlook can easily manage to send out a nice little email to all your friends in your address book. What about a hacked advertising service? You visit a page and an exploited advertisement for Viagra pops up, infecting your machine and those of the other million or so people viewing the page at the same time.

So anyway, here we are. Microsoft has some pretty worthless information regarding the issue at present:
"Although the issue is serious and malicious attacks are being attempted, Microsoft's intelligence sources indicate that the scope of the attacks are not widespread."
- Microsoft Security Advisory (912840)

Of course everyone is jumping all over the oxymoronic "Microsoft's intelligence sources" bit in their informational release. Pretty funny, indeed.

Per my previous blog entry regarding unregistering the offending .dll, Microsoft also recommends:
~ user awareness, not surfing to “bad” places and all other sorts of generic solutions that are not relevant to this problem.
~ to keep anti-virus signatures up to date - but tests show that many anti-virus products trigger only on the payload, if they trigger at all. And the payload of the successful massive attack will be new, negating AV signature defenses.

There is an interesting PowerPoint presentation available for download here. If you'd like a PDF version instead, get it here. It's a little cryptic (as most PowerPoint presentations go); however, there is great information in it and some good tidbits to glean. It's definitely recommended reading.

I'm going to continue posting information and updates as this situation progresses. Additionally, I'll keep my fingers crossed that something doesn't come out over the next 7 days. Currently Microsoft have said that they'll release a patch on January 10th. Time will tell if it's too little too late.

If anyone needs help buying Macs or configuring new Linux boxes, let me know ;)



