zero-day WMF exploit

I know I’m a bit late, but I decided to post this now, better late than never.

Your computer can be exploited just by viewing a webpage with a malicious image file on it, if you use Internet Explorer. If you use a browser like Firefox, you won’t get infected UNLESS you download the image file and/or execute it. You can also get infected by opening a folder in Explorer that contains an infected picture file. So far, these files have been used just to install bogus software/spyware on your computer, but soon they will be putting malicious viruses on your system.

Check out http://www.f-secure.com/weblog/archives/archive-122005.html#00000752 for further details.

What can you do now?

1) Don’t open any picture files! (obviously, this is not possible for many people)
2) Don’t use IE! That just increases the risk of you getting infected.
3) There is a temporary workaround: unregistering the Windows Picture and Fax Viewer – although this doesn’t totally prevent you from getting infected and it may hinder your computer usage. In the Start menu, click Run, type “regsvr32 -u %windir%\system32\shimgvw.dll” and press Enter. A dialog box should appear saying that “DllUnregisterServer in SHIMGVW.DLL succeeded”. To re-enable it, click Run and type “regsvr32 %windir%\system32\shimgvw.dll”.
4) Disable any indexing programs like Google Desktop, Yahoo Desktop, Copernic Desktop Search, and so on. They may cause infection when they try to index picture files on your computer.
5) Use a different operating system. Knoppix Linux, which is CD bootable and doesn’t require any system changes, is a good one to try out.
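
The following is an added example, not code from the original post. It checks a file's bytes, whatever the extension, for the WMF record through which the MS06-001 flaw is reached (a META_ESCAPE record calling SETABORTPROC); the function names and sample files are constructed here, and the record constants come from Microsoft's WMF format specification rather than from this post.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7   # magic of the optional 22-byte placeable header
META_ESCAPE = 0x0626         # RecordFunction value for Escape records
SETABORTPROC = 0x0009        # escape function flagged by this check
META_EOF = 0x0000            # last record of every metafile

def scan_wmf(data: bytes) -> str:
    """Classify bytes as 'not-wmf', 'clean', 'suspicious' or 'malformed'."""
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        off = 22                                   # skip the placeable header
    if len(data) < off + 18:
        return "not-wmf"
    mtype, hdr_words, version = struct.unpack_from("<HHH", data, off)
    if mtype not in (1, 2) or hdr_words != 9 or version not in (0x0100, 0x0300):
        return "not-wmf"
    off += 18                                      # META_HEADER is 9 words
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        if size_words < 3 or off + size_words * 2 > len(data):
            return "malformed"                     # record overruns the file
        if func == META_EOF:
            return "clean"
        if func == META_ESCAPE and size_words >= 4:
            (esc,) = struct.unpack_from("<H", data, off + 6)
            if esc == SETABORTPROC:
                return "suspicious"
        off += size_words * 2                      # sizes are in 16-bit words
    return "malformed"                             # ran out before META_EOF

# Constructed sample inputs (built here for the example, not real captures).
def make_record(func: int, params: bytes = b"") -> bytes:
    return struct.pack("<IH", (6 + len(params)) // 2, func) + params

def make_wmf(*records: bytes) -> bytes:
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, 0, 0, 0, 0)
    return header + b"".join(records)

BENIGN = make_wmf(make_record(0x0103, struct.pack("<H", 8)), make_record(META_EOF))
FLAGGED = make_wmf(make_record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 0)),
                   make_record(META_EOF))
PLACEABLE = struct.pack("<I", PLACEABLE_KEY) + bytes(18) + FLAGGED
NOT_WMF = b"\xff\xd8\xff\xe0" + bytes(20)          # JPEG-style magic bytes

if __name__ == "__main__":
    for name in ("BENIGN", "FLAGGED", "PLACEABLE", "NOT_WMF"):
        print(name, scan_wmf(globals()[name]))
```

A "suspicious" result means the file should be quarantined for review; a "clean" result only means this one record type was not found.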

Otherwise, I don’t have too much to say now. PLEASE TAKE CARE OF YOUR COMPUTER!!!

EDIT January 8th:
As of now, there is an official update from Microsoft. So go get it now! http://www.microsoft.com/technet/security/Bulletin/ms06-001.mspx

4 Comments

  1. ionStorm says:

    Dun bluff. I have a patch.

    regsvr32 /u SHIMGVW.DLL

    Blehhhh...

  2. Hoong Ern says:

    That's exactly what I mentioned in (3). It's not a patch, it does not in any way fix the exploit.. it just prevents the exploit from doing its worst.. And if you open your file in mspaint, also bye bye..

    Blehhhh...

  3. ionStorm says:

    Which ulu dude uses MS Paint? >_

  4. Hoong Ern says:

    ME!

    btw, one of your eyes is missing in your face >_<
    HUH?! WordPress bug? Mine disappeared too... (although I edited it in)
