...is this for real?

http://abcnews.go.com/Technology/ZDM/story?id=1466666

I don’t see why it wouldn’t. I mean, nothing actually looks wrong about the articles to my inexperienced eye. Uh, aside from the fact that at one point the first article forced a kinda “please take this survey” thing, and when I clicked ‘cancel’ it decided to take me someplace anyway.

That’s a lot of i’s in the ABC news story title.

Very real, the exposure, or 0day, or whatever the cool-kids term is, was released about a week ago. Since then, it’s been in the wild, and Microsoft has been working on a patch for it. The patch was supposed to be released yesterday as a beta, so you wouldn’t get it through autoupdates, but I’m not even sure if they released it.

In the meantime, one of the guys who wrote the original exposure has written an unofficial cover. You can get it here (http://isc.sans.org/diary.php?storyid=996), though I haven’t installed it (don’t use Windows lololol), so I don’t know how it works.

It’s on the internet so it MUST be true.

Makes me glad I’m getting used to Firefox. Since I don’t remember seeing this extension before, what are .WMF files and where could I encounter them?

It’s an image filetype, and you can still be affected even if you use Firefox. WMF is an old vector graphic filetype, so it isn’t really a picture file, but more of an instructions file that Windows reads, then draws and displays an image from. The problem is that instructions that have nothing to do with drawing images (arbitrary code, other Windows commands) can be injected into the file as it is being run by Windows.

Definitely real. MS is working on a patch, scheduled to come out Jan. 10th.

Another bug in Windows code that causes arbitrary code to be run in a Windows file format? Who’d have thunk it!

First Microsoft makes it possible to embed viruses in e-mail, now they make it possible to embed viruses in pictures. What next, viruses in a plain text file?

X5O!P%@AP[4\PZX54(P^)7CC)7}H+H*

Yes. You’re surprised?

If people are dedicated enough to make viruses for PSP and DS, and Firefox-specific spyware, we really shouldn’t be surprised by more Windows viruses. Those are easy to make, comparatively. I’d say that it’s only a matter of time before we see viruses for alternative operating systems, but those tend to update faster, their users are smarter about downloading updates (and not downloading unknown files), and most of the virus and spyware authors are using those operating systems.

thisisnotavirus.txt

There might be viruses for PSP and DS, but the only way to get them is to manually upload the virus. Most users won’t be doing something like that, since it requires sort of hacking the system.

The problem with Windows isn’t that there are viruses for it, it’s that there are ways found all the time to install viruses just by having the user view something. There were bugs to run arbitrary code when a user views a web page, when a user views an e-mail, and now it is known that arbitrary code can be run if a vector graphics file is rendered.

So? Pages, email and lots of other stuff are arbitrary code already. If one wanted, it’d be possible to do all that for other systems too. The hard flick is to make a system which separates good code from malicious one.