[Date Prev][Date Next][Subject Prev][Subject Next][ Date Index][ Subject Index]

RE: Digest form irregularity (hack attack)



The newest exploit that's "all the rage" these days is just as dangerous using Firefox, since it's not the browser that's being exploited. It's Windoesn't's (appropriately bloated word formation, don't you think? :) image rendering module.

He's a source I trust for a temporary fix . . . until Bill gets around to something more
"official":

http://WindowsSecrets.com/comp/060104

Excerpt -

The new "WMF Metafile" vulnerability is different:

* It can infect your PC if you merely view an image formatted as a Windows metafile on a Web page,
in an e-mail attachment, or on your hard disk.

* Every browser is vulnerable - IE, Firefox, Opera, and others - because the image is not being
rendered by the browser. It's rendered by Windows' own Picture and Fax Viewer (Shimgvw.dll, also
known as the Shell Image View Control). New versions of Firefox do display an alert when a
suspicious image is encountered on a Web page. But since viewing an image is usually harmless, most
users will click OK, exposing themselves to infection.

* If your PC catches an infected metafile - perhaps through instant messaging or file-sharing
software - the payload can run even if you don't consciously open or view the image. Google Desktop
Search, for example, causes the payload to be executed when the metadata of the image is accessed.
If the image is an icon, merely displaying a file directory in certain views of Windows Explorer can
silently execute a Trojan.


-BrianH.

-----Original Message----- From: Patrick Cox

Why are you disillusioned with Firefox?

My understanding is that this new exploit will not launch automatically in Firefox,
but if you do choose to download an infected file through firefox, it will infect Windows -- which
is the problem.

Am I mistaken? If not, the only way to avoid the problem is to switch to linux or another OS.