Re: A Very Dangerous Worm in Windows Metafile Images (WMF)
- From: Terry Pinnell <terrypinDELETE@xxxxxxxxxxxxxxxxxxx>
- Date: Mon, 02 Jan 2006 16:55:06 +0000
Mike Monett <gqtacfwfjfmx@xxxxxxxxxxxxx> wrote:
>Mike Monett wrote:
>>
>> To All,
>>
>> Last night, a very dangerous computer worm was released on the
>> internet. It is carried on Windows Metafile images and automatically
>> executes with no user interaction. With Microsoft Explorer or
>> Outlook, you are automatically infected if you receive infected
>> email or view a site with the worm. The problem is Windows WMF files
>> have the capability to execute external code. This is a virus
>> writer's dream. He can do anything he wants.
>
>[...]
>
>Update: Opera is not vulnerable. You have to work hard to get infected.
>
>Here is more information from Rijk van Geijtenbeek in the opera.general
>newsgroup:
>
> "Opera cannot display WMF files natively, so it is not vulnerable
> in itself. With the default configuration Opera opens the download
> dialog for such files. If you click 'Open' and the default handler
> is the 'MS Picture and fax viewer', you can apparently be infected
> by malicious WMF files. So treat WMF files with the same caution
> as EXE and BAT etc files, I'd say. And don't change Opera's
> settings to directly open such files..."
>
>Go Opera! Beats the pants off MSIE and Firefox.
>
>Mike Monett
Had several other similar alerts, and it clearly needs taking very
seriously.
On mine and my wife's PC (both XP Home) I've taken the basic steps
recommended in several places:
1. Run | regsvr32 /u shimgvw.dll to disable shimgvw.dll
2. Install the temporary patch wmffix_hexblog13.exe from
http://blogs.washingtonpost.com/securityfix/
...and rebooted.
One possible downside of the first is that it seems to prevent my
viewing photos (JPGs) in Thumbnail mode. I have re-instated it with
Run | regsvr32 shimgvw.dll
and immediately got thumbnails back. Anyone else able to confirm this
please?
There is also a Vulnerability Checker wmf_checker_hexblog.exe
available here:
http://www.hexblog.com/2006/01/wmf_vulnerability_checker.html#more
--
Terry Pinnell
Hobbyist, West Sussex, UK
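
Added example, not part of the thread and not code from any poster or from the tools mentioned: a content-based check that applies the "treat WMF files with the same caution as EXE and BAT" advice quoted above by recognising WMF data from its header rather than its file name. The function names, verdict labels and block/quarantine policy are assumptions made for illustration; the header and record constants are taken from Microsoft's published WMF format and are not named in the thread, and both sample inputs are constructed and carry no payload.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7  # optional 22-byte pre-header (bytes D7 CD C6 9A)
META_EOF, META_ESCAPE = 0x0000, 0x0626  # record function codes
SETABORTPROC = 0x0009  # escape number that registers a callback

def inspect_wmf(data: bytes):
    """Return None if data is not a WMF, else a dict describing its records."""
    off = 22 if data[:4] == struct.pack("<I", PLACEABLE_KEY) else 0
    if len(data) < off + 18:
        return None
    ftype, hdr_words, version = struct.unpack_from("<HHH", data, off)
    if ftype not in (1, 2) or hdr_words != 9 or version not in (0x0100, 0x0300):
        return None
    info = {"records": 0, "abortproc": False, "malformed": True}
    pos = off + 18
    while pos + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, pos)
        if size_words < 3:  # a record is at least size (2 words) + function (1)
            break
        info["records"] += 1
        if func == META_EOF:  # a well-formed record stream ends here
            info["malformed"] = False
            break
        if func == META_ESCAPE and pos + 8 <= len(data):
            info["abortproc"] |= struct.unpack_from("<H", data, pos + 6)[0] == SETABORTPROC
        pos += size_words * 2
    return info

def verdict(filename: str, data: bytes) -> str:
    """Assumed gateway policy: WMF content is handled like EXE/BAT."""
    info = inspect_wmf(data)
    if info is None:
        return "pass"
    if info["abortproc"] or info["malformed"]:
        return "block"
    return "quarantine" if filename.lower().endswith(".wmf") else "block"  # name must match content

def build_sample(records):
    """Constructed test input: standard header plus (function, params) records."""
    recs = [struct.pack("<IH", 3 + len(p) // 2, f) + p for f, p in records]
    sizes = 9 + sum(map(len, recs)) // 2, max(map(len, recs)) // 2
    return struct.pack("<HHHIHIH", 1, 9, 0x0300, sizes[0], 0, sizes[1], 0) + b"".join(recs)

BENIGN = build_sample([(0x0103, struct.pack("<H", 8)), (META_EOF, b"")])  # META_SETMAPMODE
FLAGGED = build_sample([(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 0)), (META_EOF, b"")])
if __name__ == "__main__":
    for name, blob in [("logo.wmf", BENIGN), ("photo.jpg", FLAGGED), ("a.txt", b"hello")]:
        print(name, verdict(name, blob))
```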