WMF Windows exploit installs malware upon viewing or even download @ tk here on Thursday, December 29, 2005 2:24 PM

Thursday, December 29, 2005

WMF Windows exploit installs malware upon viewing or even download

Surfing to particular websites will infect you with malware via a WMF exploit. Different websites download different malware. Even if you only downloaded the infected WMF file and never opened it, you will get infected if you are running a desktop search tool such as Google Desktop, reports F-Secure.

As of now, it seems that you are vulnerable to this exploit if you're running Windows 98, XP or 2003 (even fully patched), and probably any version of Windows that can handle the WMF extension. WMF is a vector image format. A video of it infecting a Windows system is here: http://www.websensesecuritylabs.com/images/alerts/wmf-movie.wmv

Currently, from what I read, no anti-spyware, anti-virus or firewall is able to remove this, although one said that a trial version of CounterSpy may have removed it and another said McAfee VS Enterprise was able to stop the code from executing through buffer overflow protection. F-Secure stated that enabling DEP for all programs may help prevent this, but not necessarily.

One workaround is to run the command "regsvr32 /u shimgvw.dll", which may cause problems with MS Paint and with thumbnail rendering in Windows Explorer. "regsvr32 shimgvw.dll" can be used to re-enable WMF rendering after a patch is released. Another way is to use a sandbox program such as Sandboxie to run the browser within a protected boundary.
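
Since a downloaded file can be parsed by a desktop search indexer without ever being opened, it helps to find WMF content on disk before anything renders it. The following is an added example, not code from the original post or from F-Secure: it flags files whose first bytes parse as a WMF header, whatever the file is named. The header layout is the published WMF format; the function names and the sample bytes are constructed for illustration.

```python
import struct
from pathlib import Path

PLACEABLE_KEY = 0x9AC6CDD7                # magic of the optional 22-byte placeable header
PLACEABLE_LEN = 22
META_HEADER = struct.Struct("<HHHIHIH")   # 18-byte standard WMF header, little-endian

def looks_like_wmf(data: bytes) -> bool:
    """True if data begins with a WMF header (placeable or bare)."""
    offset = 0
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        offset = PLACEABLE_LEN            # skip the placeable header
    if len(data) < offset + META_HEADER.size:
        return False
    ftype, header_words, version = META_HEADER.unpack_from(data, offset)[:3]
    # Type 1 = memory, 2 = disk; header is 9 words; version is 0x0100 or 0x0300.
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def find_wmf_files(root) -> list:
    """Return paths under root whose first bytes parse as a WMF header."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        try:
            if not path.is_file():
                continue
            with path.open("rb") as fh:
                head = fh.read(PLACEABLE_LEN + META_HEADER.size)
        except OSError:
            continue                      # unreadable file: skip, keep scanning
        if looks_like_wmf(head):
            hits.append(path)
    return hits

def sample_wmf(placeable: bool = True) -> bytes:
    """Constructed, harmless sample: headers plus the end-of-file record only."""
    body = META_HEADER.pack(1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
    if not placeable:
        return body
    head = struct.pack("<IH4hHI", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0)
    checksum = 0
    for word in struct.unpack("<10H", head):
        checksum ^= word                  # placeable checksum: XOR of first 10 words
    return head + struct.pack("<H", checksum) + body

if __name__ == "__main__":
    import sys
    for hit in find_wmf_files(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Run it against a download or browser cache directory; a hit means the file is WMF by content and is a candidate for quarantine, not proof that it is malicious.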

Categories:
Tech

 