Hike156
01-10-2006, 12:27 PM
The following is a quote taking from http://www.tip.it/runescape/.
Administrator
Administrator
Joined: 22 May 2004
Posts: 7960
PostPosted: Tue Jan 03, 2006 9:01 pm Post subject: Security Alert - ALL USERS READ! *** Official Fix is out NOW Reply with quote
A new vulnerability has appeared recently that allows dangerous files to be put in image files. Microsoft is currently working to fix this problem - they would not, however, say if they would have the problem fixed by January 10th, 2006. Here are some news items:
http://www.finfacts.com/irelandbusinessnews/publish/article_10004361.shtml
http://www.bangkokpost.com/breaking_news/breakingnews.php?id=70706
http://www.microsoft.com/technet/security/advisory/912840.mspx
http://abcnews.go.com/Technology/wireStory?id=1466500
http://money.cnn.com/2006/01/03/technology/windows_virusthreat/index.htm?cnn=yes
Quote:
"Huge virus threat rocks Microsoft
Report says a newly discovered flaw could expose hundreds of millions of Windows PCs to virus.
January 3, 2006: 11:08 AM EST
NEW YORK (CNNMoney.) - The new year is off to a rocky start at Microsoft, where security experts are scrambling to confront a potentially massive virus threat to Windows PCs.
According to a report Tuesday in the Financial Times, the latest vulnerability involves a flaw which allows hackers to infect computers using programs inserted into image files. The threat was discovered last week. But it mushroomed over the weekend, when a group of hackers published the source code they used to exploit the flaw.
What makes this threat particularly vicious, according to the Times, is that unwitting victims can infect their computers simply by viewing a web page, e-mail, or instant message that includes a contaminated image. That differs from most virus attacks, which require a user to actually download an infected file.
"The potential [security threat] is huge," Mikko Hypponen, chief research officer at F-Secure, an antivirus company, told the Times. "It's probably bigger than for any other vulnerability we've seen.
"Any version of Windows is vulnerable right now," said Mr. Hypponen, including every Windows system shipped since 1990.
Microsoft (Research) said in a security bulletin on its Web site, "we are working closely with our antivirus partners and aiding law enforcement in its investigation."
Quote:
The infected files are saved in the Windows Metafile (WMF) format, but can be labeled as standard JPEG and GIF files, the most common type of images found in webpages and e-mails. The hackers use the entry point to install hidden programs that can launch pop-up ads or steal passwords and other sensitive information.
Schmugar says that while the threat is very real, it's contained up to now by the fact that only a small group of websites, well off the beaten path of most surfers, contain the malicious code. "The chances of you going to one of these sites is pretty low," he says, adding, "We're not aware of a mass spamming of this exploit at this time." Still, he cautions, anything could happen. "We'll just have to wait and see."
Quote:
The flaw will actually install ON ITS OWN if you are using Internet Explorer. That's why it's such a critical flaw.
If you are using FireFox you get a popup asking you if you want to run the script found in the image file.
It's still possible to be infected with FireFox too, you just have to click an "ok" button for it to happen.
Until this vulnerability is fixed, ALL images - PNG, GIF, JPG, JPEG, WMF, BMP - are censored. All avatars are also turned off.
We'll post when we have more updates.
==========================================
================================================
Just letting people be aware of this. You may also want to vist http://www.runehq.com/
they have also posted info on this subject. This says that IE is mostly the one threatened, i sugest using firefox, i also find it much easier to use anyway http://www.mozilla.com/firefox/.
I don't know much about computers but i feel everyone should know this also.
EDIT: As Maramba said, you can turn pics off to reduce this threat. Also BE SURE TO UPDATE YOUR WINDOWS. http://www.microsoft.com/
helpfull links:
http://www.lavasoft.de/software/adaware/ -adware remover
http://www.symantecstore.com/dr/sat1/ec_Main.Entry17C?SID=49997&SP=10023&CID=189667&PID=773577&PN=51&V1=773577&V2=&V3=&V4=&V5=31033611&CUR=840&DSP=&PGRP=0&API1=65&API2=GOOGLE&API3=Norton_antivirus_exa&API4=Search&API5=search.netscape.com&ABCODE=&CACHE_ID=189667
-antivirus software(lol i said anti circus)
http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en
-anti spyware
Administrator
Administrator
Joined: 22 May 2004
Posts: 7960
PostPosted: Tue Jan 03, 2006 9:01 pm Post subject: Security Alert - ALL USERS READ! *** Official Fix is out NOW Reply with quote
A new vulnerability has appeared recently that allows dangerous files to be put in image files. Microsoft is currently working to fix this problem - they would not, however, say if they would have the problem fixed by January 10th, 2006. Here are some news items:
http://www.finfacts.com/irelandbusinessnews/publish/article_10004361.shtml
http://www.bangkokpost.com/breaking_news/breakingnews.php?id=70706
http://www.microsoft.com/technet/security/advisory/912840.mspx
http://abcnews.go.com/Technology/wireStory?id=1466500
http://money.cnn.com/2006/01/03/technology/windows_virusthreat/index.htm?cnn=yes
Quote:
"Huge virus threat rocks Microsoft
Report says a newly discovered flaw could expose hundreds of millions of Windows PCs to virus.
January 3, 2006: 11:08 AM EST
NEW YORK (CNNMoney.) - The new year is off to a rocky start at Microsoft, where security experts are scrambling to confront a potentially massive virus threat to Windows PCs.
According to a report Tuesday in the Financial Times, the latest vulnerability involves a flaw which allows hackers to infect computers using programs inserted into image files. The threat was discovered last week. But it mushroomed over the weekend, when a group of hackers published the source code they used to exploit the flaw.
What makes this threat particularly vicious, according to the Times, is that unwitting victims can infect their computers simply by viewing a web page, e-mail, or instant message that includes a contaminated image. That differs from most virus attacks, which require a user to actually download an infected file.
"The potential [security threat] is huge," Mikko Hypponen, chief research officer at F-Secure, an antivirus company, told the Times. "It's probably bigger than for any other vulnerability we've seen.
"Any version of Windows is vulnerable right now," said Mr. Hypponen, including every Windows system shipped since 1990.
Microsoft (Research) said in a security bulletin on its Web site, "we are working closely with our antivirus partners and aiding law enforcement in its investigation."
Quote:
The infected files are saved in the Windows Metafile (WMF) format, but can be labeled as standard JPEG and GIF files, the most common type of images found in webpages and e-mails. The hackers use the entry point to install hidden programs that can launch pop-up ads or steal passwords and other sensitive information.
Schmugar says that while the threat is very real, it's contained up to now by the fact that only a small group of websites, well off the beaten path of most surfers, contain the malicious code. "The chances of you going to one of these sites is pretty low," he says, adding, "We're not aware of a mass spamming of this exploit at this time." Still, he cautions, anything could happen. "We'll just have to wait and see."
Quote:
The flaw will actually install ON ITS OWN if you are using Internet Explorer. That's why it's such a critical flaw.
If you are using FireFox you get a popup asking you if you want to run the script found in the image file.
It's still possible to be infected with FireFox too, you just have to click an "ok" button for it to happen.
Until this vulnerability is fixed, ALL images - PNG, GIF, JPG, JPEG, WMF, BMP - are censored. All avatars are also turned off.
We'll post when we have more updates.
==========================================
================================================
Just letting people be aware of this. You may also want to vist http://www.runehq.com/
they have also posted info on this subject. This says that IE is mostly the one threatened, i sugest using firefox, i also find it much easier to use anyway http://www.mozilla.com/firefox/.
I don't know much about computers but i feel everyone should know this also.
EDIT: As Maramba said, you can turn pics off to reduce this threat. Also BE SURE TO UPDATE YOUR WINDOWS. http://www.microsoft.com/
helpfull links:
http://www.lavasoft.de/software/adaware/ -adware remover
http://www.symantecstore.com/dr/sat1/ec_Main.Entry17C?SID=49997&SP=10023&CID=189667&PID=773577&PN=51&V1=773577&V2=&V3=&V4=&V5=31033611&CUR=840&DSP=&PGRP=0&API1=65&API2=GOOGLE&API3=Norton_antivirus_exa&API4=Search&API5=search.netscape.com&ABCODE=&CACHE_ID=189667
-antivirus software(lol i said anti circus)
http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en
-anti spyware