![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
The newly developed WMF exploit. It's not big news yet other than in geek circles, but it's bad news.
Essentially, just by downloading, viewing, opening an image, or even just going to a web page with an image on it, it's possible that you could become infected by any virus, trojan, worm, malware, bot or backdoor software that the host wants. And this time it does appear to be this simple.
Literally - go to web page in IE, image loads, you're infected.
Or... Someone sends you picture by email which you load up, you're infected.
http://www.f-secure.com/weblog/ has lots of information and links on this. There's stuff on every major security software website, there's an official MS announcement about it but no official patch. There's an unofficial patch out which does a damn good job, apparently, but still. This isn't good.
It appears that during the design of the WMF (Windows MetaFile?) file format, it was decided that there would be a need to allow some executable information... why?! This is the core of the exploit, and the broken implementation means that when the picture's loaded up, the broken code allows any arbitrary code to be executed. This can then be used to download and execute trojans or virii or whathaveyou.
Essentially, just by downloading, viewing, opening an image, or even just going to a web page with an image on it, it's possible that you could become infected by any virus, trojan, worm, malware, bot or backdoor software that the host wants. And this time it does appear to be this simple.
Literally - go to web page in IE, image loads, you're infected.
Or... Someone sends you picture by email which you load up, you're infected.
http://www.f-secure.com/weblog/ has lots of information and links on this. There's stuff on every major security software website, there's an official MS announcement about it but no official patch. There's an unofficial patch out which does a damn good job, apparently, but still. This isn't good.
It appears that during the design of the WMF (Windows MetaFile?) file format, it was decided that there would be a need to allow some executable information... why?! This is the core of the exploit, and the broken implementation means that when the picture's loaded up, the broken code allows any arbitrary code to be executed. This can then be used to download and execute trojans or virii or whathaveyou.
There are 3 comments on this entry.