WARNING: Major Windows/IE Virus Hits the Internets!

[mr.Curmudgeon]

This is bad. Tomorrow, everyone goes back to work and fires up there systems...security specialists around the web fear a major meltdown.
It's embedded in image (.wmf) files and takes advantage of an exploit in IE. So simply viewing any page containing malicious code will infect your system. Very nasty.

Info:
http://isc.sans.org/diary.php?storyid=994
http://www.metafilter.com/mefi/47964
http://www.microsoft.com/technet/security/advisory/912840.mspx

So far, Microsoft has absolutely NO official solution (big surprise). But in the meantime, there are several things you can do.

1) Run firefox. It's immune to this particular exploit.
2) Unregister the vulnerable .dll.
       - Disable: Start > Run > regsvr32 /u shimgvw.dll
       - After MS releases a patch you can restart it like so:
                     - Enable: Start > Run > regsvr32 shimgvw.dll
UPDATE: Some are saying that this doesn't protect you from the latest version of the exploit. 
3) Reassign .wmf files to notepad.
4) Install third-party patch. (LINK)
        - It's from Gibson Research. Trusted source.
5) Buy a mac.

Anyone else got any ideas?


mrC

[pointdablame]

Another wonderful reason to use FireFox.

[mr.Curmudgeon]

Additional step: Turn off Google Desktop for the time being.


mrC

[saint]

I'm at work right now, and have blocked all outgoing web traffic (port 80 and 443 at least) at the corporate firewall. Even still, I'm not expecting tomorrow to be pretty.

[mr.Curmudgeon]

I'm glad I have the day off.  (and that I use Firefox)
We'll see, tomorrow, if this is overhyped.


mrC

[missioncontrol]

this thing has been out for a month now...They told us to refrain from using IE at that time....

[mr.Curmudgeon]

this thing has been out for a month now...They told us to refrain from using IE at that time....

I think the major issue now is that security specialists have recently caught upwards of 10 exploits in the wild. A vulnerability is one thing, but now people are punching through it.

I can't believe MS hasn't issued a patch, given what you've said above.


mrC

[USSEnterprise]

What is this virus/worm/trojan expected to do that is so terrible?

[missioncontrol]

I don't remember exactly what the e-mail all stated but they basicaly said not to use IE until furhter notice and have sent remiders weekly about it.

as far as a MS patch I'm thinking MS sent one out a week and 1/2 to two weeks ago but it didn't help....

[mr.Curmudgeon]

What is this virus/worm/trojan expected to do that is so terrible?

Via Microsoft: "An attacker who successfully exploited this vulnerability could gain the same user rights as the local user."

So basically, much like other worms/viruses...remote users gain control of any number of systems for their own nefarious purposes. This virus is different in that is all you have to do is simply look at an infected image to get it. The fear is that it may spread quickly and stealthily.

The fact that Microsoft hasn't taken steps to correct it yet, by releasing a patch, is really the biggest issue.


mrC

[USSEnterprise]

FedoraTime!

[mr.Curmudgeon]

Hmmmm....and now is seems, with the more I read, that not even Firefox may be 100% safe (since, it too utilizes GDI, where the vulnerability lies). Haven't been able to confirm this yet.

But there's this: "Firefox and Thunderbird WILL PROBABLY make you safer. Mozilla apps use their own image rendering libraries, and you would have to download and open a WMF file (which you would be prompted to do in recent versions - FF 1.5 to be safe) to be infected. So you would not be AUTOMATICALLY infected with recent versions of Firefox."



mrC

[USSEnterprise]

Yay! I alreadt have FF 1.5 and TB 1.0.7!

[DrewKaree]

What is this virus/worm/trojan expected to do that is so terrible?

Mess up your computer, give you crabs, bad breath, dysentery, and double the offensiveness of your body odor. 

Women may also find you unattractive.

[shmokes]

Can somebody post an infected picture so I can see what it does to my network? 

[DrewKaree]

Can somebody post an infected picture so I can see what it does to my network? 

I'd e-mail this to as many people as possible within your network.  Mebbe if they see what can happen if this virus hits their PC, they'll think twice about ever using the intar-webs

[danny_galaga]

What is this virus/worm/trojan expected to do that is so terrible?

Mess up your computer, give you crabs, bad breath, dysentery, and double the offensiveness of your body odor.

[ChadTower]

this thing has been out for a month now...They told us to refrain from using IE at that time....

Where I work, we are only allowed to use IE.  Any other browser is blocked at the personal firewall level and we don't have admin rights to our own boxes in order to change that.

[Bones]

I don't know why Microsoft just don't release a security patch with added Chuck Norris.

[DrewKaree]

I don't know why Microsoft just don't release a security patch with added Chuck Norris.

Bill Gates doesn't want to pay brazilians of dollars just to improve his patch-fu when he can just keep fixing his stuff just enough to make you think it's ok.

Chuck Norris has sent him a letter telling him he can't use his name either

[Harry Potter]

For once, I got nothing to fear at work.

Our network is so complex and congested, the users have trouble accessing let alone viruses.

I'd be more worried for the virus if it managed to get past our 'security' measures.

[DrewKaree]

You could always "back porch" your keyboard and put a stop to any wrong-doing.

[Harry Potter]

I prefer to smash it across the back of a lower-class employee's head.

[Goz]

Temporary patch -=here=-

[ChadTower]

Silly naive people.

There is no money in making software.

There is money in supporting software.

[shmokes]

Grr....I hate these people.  I don't have time for this right now.  I patched all the PC's in the smaller of my two biggest offices, but I can't get to my biggest office until this afternoon and that's about 60-70 workstations.  Please let it be a slow internet day at work today.

[ChadTower]

The first day back from the holiday season?  You'll be lucky if the average net surf time today is less than 6 hours.

[DrewKaree]

Silly naive people.

There is no money in making software.

There is money in supporting software.

Are you sure that's not supposed to be about printers?

[ChadTower]

That's supposed to be about life.

[DrewKaree]

Mission told me I skuc at teh lyf.  Is that the same thing?

[ChadTower]

No, teh lyf is different from life.

[AtomSmasher]

Blame Bush. Actually, no, this time I will blame Gore, since he invented the Internet.

Heres a post from another forum I frequent

Apply the patch and be protected...... This is a third party patch we have tested at 3 campuses (UCLA, UC Santa Barbara and here). Microsoft won't release one until next week. Install this one now if you want immediate protection. I am doing a release of this patch to 5000 users as we speak at University California Riverside where I work.

Link to the patch

You can send me questions about this if you want at larry@ucr.edu
Take care forum members,
Larry McGrath

*edit* I use Opera so I don't have to worry about this thing

[ChadTower]

I hear Bush made the virus reports, then made a "patch" which really is a virus, and is now laughing his ass off while everyone rushes to install his new virus to protect themselves from his hoax virus.

Bush is a clever one, that Bush.

[mr.Curmudgeon]

God, what a bunch of pathetic Bush haters! You are blinded by your rage! Can you think of nothing else?


mrC

[ChadTower]

I blame Bush for your congenital inability to be funny.

[mr.Curmudgeon]

I blame Bush for your congenital inability to be funny.

Panties bunched much?


mrC

[ChadTower]

Say panties bunched much 5 times fast.

[missioncontrol]

Panties bunched
Panties bunched
Panties bunched
Panties munched
Panties munched

[ChadTower]

See?  Knew that would happen.

[AtomSmasher]

God, what a bunch of pathetic Bush haters! You are blinded by your rage! Can you think of nothing else?


mrC

I often find myself pondering Socrates immortal words "I drank what?"

And sometimes I wonder if you could travel the speed of light in your car, would your headlights work?