View Full Version : Windows PCs face ‘huge’ virus threat



PUGalicious
01-03-2006, 05:12 AM
If this was posted already elsewhere, my apologies...




Windows PCs face ‘huge’ virus threat

Computer security experts were grappling with the threat of a new weakness in Microsoft (http://mwprices.ft.com/custom/ft-com/quotechartnews.asp?FTSite=FTCOM&q=MSFT&searchtype&expanded=&countrycode=us&s2=us&symb=MSFT&company=NEW)’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses.
The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers.

“The potential [security threat] is huge,” said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.”

The flaw, which allows hackers to infect computers using programs maliciously inserted into seemingly innocuous image files, was first discovered last week. But the potential for damaging attacks increased dramatically at the weekend after a group of computer hackers published the source code they used to exploit it. Unlike most attacks, which require victims to download or execute a suspect file, the new vulnerability makes it possible for users to infect their computers with spyware or a virus simply by viewing a web page, e-mail or instant message that contains a contaminated image.

“We haven’t seen anything that bad yet, but multiple individuals and groups are exploiting this vulnerability,” Mr Hyppönen said. He said that every Windows system shipped since 1990 contained the flaw.

Microsoft said in a security bulletin on its website (http://www.microsoft.com/technet/security/advisory/912840.mspx)that it was aware that the vulnerability was being actively exploited. However an official patch to correct the flaw was not expected to be released until January 10.

In the meantime, Microsoft said it was urging customers to be careful opening e-mail or following web links from untrusted sources, and provided instructions for a “workaround” that would reduce the likelihood of attacks.

Meanwhile, some security experts were urging system administrators to take the unusual step of installing an unofficial patch created at the weekend by Ilfak Guilfanov, a Russian computer programmer.

Concerns remain that without an official patch, many corporate information technology systems could remain vulnerable as employees trickle back to work after the holiday weekend.

“We’ve received many e-mails from people saying that no one in a corporate environment will find using an unofficial patch acceptable,” wrote Tom Liston (http://isc.sans.org/diary.php?rss&storyid=996), a researcher at the Internet Storm Center, an antivirus research group. Both ISC and F-Secure have endorsed the unofficial fix.

In its security bulletin, Microsoft made a general recommendation against unofficial patches, saying it was “best practice to utilise security updates for software vulnerabilities from the original vendor of the software”.

Microsoft routinely identifies or receives reports of security weaknesses but most such vulnerabilities are limited to a particular version of the Windows operating system or other piece of Microsoft software. In recent weeks, the company has been touting its progress in combating security threats.

The company could not be reached on Monday for comment.



.

ibda12u
01-03-2006, 07:28 AM
Now's probably a good time, to once again let everyone know I give a $10/hr discount on pc repair for okctalk members :)

Not trying to make light of the exploit, but looks like it'll be a busy year. Mainly because most people aren't usually actively looking for updates, and patches, and installing them. Even more so, it's really important that people just be careful what they click, download, and sites they go to. I think web users who spend a couple hours a day surfing are at risk, but those who surf for movie, music downloads (besides legit services like itunes etc..) or have kids who do that, are at huge risk. And should definatly be concerned.

Curt
01-03-2006, 10:19 AM
This does not surprise me one bit.