
Various exploits use compromised image files to take over your PC.

Numerous exploits are taking advantage of a public flaw within the Windows Meta File (WMF) format and pose a serious threat to all Windows users, especially those running Windows XP. Once a compromised WMF image takes root on your computer, the infected computer is no longer under your control, displaying symptoms of poor performance and remote access by unknown individuals. The WMF exploits currently on the Internet affect only Windows XP (SP1 and SP2) and Windows 2003 Server (SP1) users; however, the underlying flaw also affects those running Windows 2000, NT, Me, and 98. Users of Mac OS, Linux, and Unix are not affected. Microsoft has released a patch for Windows 2000, XP, and Windows Server 2003, but not for Windows 98 and Me (see Prevention and cure below). Despite the lack of an associated virus or worm, the potential damage from these exploits could be so severe that we're giving them (collectively) a 6 on the CNET/ZDNet Virus Meter.

How it works
The underlying flaw is a buffer overflow within a file format called Windows Meta File (WMF), which Windows uses to render images. It is different from the flaw addressed by the patch Microsoft released in November 2005, MS05-053. Unlike other image formats, WMF doesn't just contain information about pixels and color; it also contains the ability to spawn external processes. A criminal hacker could design a WMF file, disguise it with a .jpg or .gif extension, and use the WMF file as a Trojan horse to launch malicious code on a Windows PC. In some cases, you would not need to click anything; simply visiting an infected Web site would allow your Internet browser to render the WMF images and launch the malicious code. Internet Explorer will automatically run the malicious code; Firefox and Opera, however, will first prompt the user to download malicious content (you should, of course, say no).
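A defender can catch the disguise described above by comparing a file's extension with its header bytes. The following is an added example, not code from the original article: the extension watch list, function names, and sample byte strings are assumptions constructed for illustration, and the samples contain headers only.

```python
import os
import struct

PLACEABLE_KEY = 0x9AC6CDD7          # magic of the optional 22-byte placeable header
DISGUISE_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp"}  # assumed watch list

def is_wmf(data: bytes) -> bool:
    """Return True if data begins with a placeable or standard WMF header."""
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        off = 22                     # skip placeable header; standard header follows
    if len(data) < off + 18:
        return False
    ftype, header_words, version = struct.unpack_from("<3H", data, off)
    # Standard header: type 1 (memory) or 2 (disk), 9-word header, version 1.0 or 3.0
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def disguised_wmf(name: str, data: bytes) -> bool:
    """True when the name claims another image type but the content is WMF."""
    ext = os.path.splitext(name)[1].lower()
    return ext in DISGUISE_EXTS and is_wmf(data)

def scan_tree(root: str) -> list:
    """Walk root and return paths of files that look like disguised WMFs."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(40)   # both headers fit in the first 40 bytes
            except OSError:
                continue                 # unreadable file: skip, keep scanning
            if disguised_wmf(name, head):
                hits.append(path)
    return hits

# Constructed sample inputs: file headers only, no drawing records beyond EOF.
WMF_BODY = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
PLACEABLE = struct.pack("<IH4hHIH", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0, 0) + WMF_BODY
JPEG_HEAD = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in [("holiday.jpg", WMF_BODY), ("banner.gif", PLACEABLE),
                       ("chart.wmf", WMF_BODY), ("photo.jpg", JPEG_HEAD)]:
        print(f"{name:12} disguised_wmf={disguised_wmf(name, blob)}")
```

A hit means only that the extension and content disagree; it does not show that the file is malicious, so treat results as candidates for quarantine and further inspection.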

Current exploits are varied and include a variant of the Kelvir IM worm for MSN Messenger, e-mails with disguised JPEG images or links to tainted Web sites, many new Trojan horses, and one Trojan horse in particular that automatically downloads a bogus antispyware app that, once installed, requires the use of a credit card to uninstall (and even then doesn't completely remove itself). However, there is no known supervirus or worm specifically associated with these WMF exploits.

Prevention and cure
Microsoft has released a security bulletin, MS06-001, which includes patches for Windows 2000, XP, and Windows Server 2003. Microsoft has not provided patches for Windows 98, 98 SE, or Me, which are also vulnerable to the underlying flaw. Microsoft only releases patches for those systems if the threat reaches a critical level. The software giant does not feel that such a threat exists now.

Several antivirus companies have updated their signature files to block the Trojan horses known to be associated with this flaw. The antivirus signature files do not eliminate the threat, nor do they fix the underlying problem. Current users of the following antivirus software should be automatically updated and protected.

