A Computer Security Note
(January 1, 2006)
© 2006 Virginia
Lawrence, Ph.D., SPAWN Technical Internet Editor Upcoming Meetings
Special Events
Membership Information
Contact SPAWN
SPAWN Members
Search the Directory
Resources for Everyone
Books on Writing, Publishing
Articles on publishing
Book Printers
Book Services
Legal Services, etc.
Other Organizations
Other Resources
Member Publications
Index to the Site -NEW-
Webmaster This site created by
CogniText:
Information by Design.
Just in time for the new year, there is an obnoxious new computer exploit to guard against. It's called the Zero Day Exploit of the WMF Flaw, and it's being distributed by thousands of otherwise legitimate Web sites. The ads on those Web sites are exploiting a Microsoft flaw to install software on every computer that visits the site. They install, and then the software can get full control of the computer. The experts say that right now the exploits are "only" installing spyware and/or fake anti-spyware software. This will definitely change as more virus writers become involved.
It's vital to avoid getting infected. Unfortunately, Norton and the other antivirus programs cannot catch this problem at this time. Internet Explorer is the main target. The Firefox browser does not allow infection unless the computer has Google Desktop installed.
This flaw affects Windows 2000, Windows XP, Windows XP x64 edition, Windows Server 2003 (but not Windows Server 2003 SP1), and Windows Server 2003 x64 edition. Users of Windows 98, Windows 98 SE, and Windows Me are not affected.
Here's the Zero Day WMF Flaw fix from the Washington Post:
http://blogs.washingtonpost.com/securityfix/2005/12/exploit_release.html
"A couple of security firms, including Verisign's iDefense, have published workarounds that appear to mitigate the threat. According to iDefense, Windows users can disable the rendering of WMF files using the following hack:
- Click on the Start button on the taskbar.
- Click on Run...
- Type (or copy from here and paste)
regsvr32 /u shimgvw.dll
to disable.- Click ok when the change dialog appears.
iDefense notes that this workaround may interfere with certain thumbnail images loading correctly, though I have used the hack on my machine and haven't had any problems yet. The company notes that once Microsoft issues a patch, the WMF feature may be enabled again by entering the command "regsvr32 shimgvw.dll" in step three above."
More articles to read if you want corroboration:
http://www.scmagazine.com/uk/news/article/533814/windows-image-flaw-threatens-users/
http://www.eweek.com/article2/0,1895,1906177,00.asp
http://www.eweek.com/article2/0,1895,1906513,00.asp
"Adware sites appear to be going hog-wild with this attack. According to Sunbelt Software, over a thousand sites are spreading more than 50 variants of it, thanks to an underground adware infection network that acts something like the DoubleClick of adware."
http://www.eweek.com/article2/0,1895,1906211,00.asp
Unfortunately, this is not a joke. Note that the reports are from the Washington Post, plus eWeek and SC Magazine (both important computer publications.) Microsoft recognizes the problem. They have a page recommending the disabling procedure listed above, but their page is extremely difficult for anyone other than a security specialist to read.
Please protect your computer and your data.
~ Virginia Lawrence, Ph.D., SPAWN's Webmaster and Technology Editor, is a professional Web Designer and Online Marketing Consultant who publishes both in print and online. Contact her at virginia@spawn.org or visit her Web site at http://www.cognitext.com
To receive articles like this every month,
subscribe now to the free monthly SPAWNews e-newsletter.