![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
The newly developed WMF exploit. It's not big news yet other than in geek circles, but it's bad news.
Essentially, just by downloading, viewing, opening an image, or even just going to a web page with an image on it, it's possible that you could become infected by any virus, trojan, worm, malware, bot or backdoor software that the host wants. And this time it does appear to be this simple.
Literally - go to web page in IE, image loads, you're infected.
Or... Someone sends you picture by email which you load up, you're infected.
http://www.f-secure.com/weblog/ has lots of information and links on this. There's stuff on every major security software website, there's an official MS announcement about it but no official patch. There's an unofficial patch out which does a damn good job, apparently, but still. This isn't good.
It appears that during the design of the WMF (Windows MetaFile?) file format, it was decided that there would be a need to allow some executable information... why?! This is the core of the exploit, and the broken implementation means that when the picture's loaded up, the broken code allows any arbitrary code to be executed. This can then be used to download and execute trojans or virii or whathaveyou.
Essentially, just by downloading, viewing, opening an image, or even just going to a web page with an image on it, it's possible that you could become infected by any virus, trojan, worm, malware, bot or backdoor software that the host wants. And this time it does appear to be this simple.
Literally - go to web page in IE, image loads, you're infected.
Or... Someone sends you picture by email which you load up, you're infected.
http://www.f-secure.com/weblog/ has lots of information and links on this. There's stuff on every major security software website, there's an official MS announcement about it but no official patch. There's an unofficial patch out which does a damn good job, apparently, but still. This isn't good.
It appears that during the design of the WMF (Windows MetaFile?) file format, it was decided that there would be a need to allow some executable information... why?! This is the core of the exploit, and the broken implementation means that when the picture's loaded up, the broken code allows any arbitrary code to be executed. This can then be used to download and execute trojans or virii or whathaveyou.
(no subject)
(no subject)
Just about every other virus/worm/malware out there requires some stupid action on the part of the user such as executing an attachment or overriding security warnings (with the notable exception of Blaster and it's variants which exploit the DCOM RPC vuln).
Any vulnerability like this which is exploitable without any stupid action on the user's part is very worrying indeed, whether you're a vulnerable user or not.
In my mind - saying that it's not worrying is the same as saying that you're not worried about the impact STDs have upon the world just because you don't have a sexual partner.
[Wow, unexpected minirant]
(no subject)
and yes apple is a huge corporation doing very nicely for itself, but at least some diversity is healthier than all the desktop money going to great goliath that is Microsoft. it's too much to say "macs don't get viruses" (virii?) as the sales people were doing in the Valley Fair, San Jose Apple store i was in the other week, but to at least offer Mac OS X or a Linux variant as a perfectly acceptable desktop alternative to the thousands of Joe Public dumb-ass users out there will at least make Microsoft stand up and take notice and try harder in future...