What is Digg?Sponsored by Dragon Age: Origins
Join the Dragon Age: Origins development team on Facebook view!
facebook.com/DragonAgeOrigins - EA presents BioWare's new dark fantasy epic Dragon Age: Origins. '9/10' from Game Informer.
45 Comments
- egorgry, on 10/12/2007, -0/+3But it isn't the truth. Read F-Secure's blog ( http://www.f-secure.com/weblog/ ) to find out how it works and that they'll tell you users of Firefox and Opera DO NOT get infected just by visiting the website.
qft :)
I neglected to observe teh "automatically" part of teh original post. I bow to you, my friend. enjoy the +3 - Smokezz, on 10/12/2007, -0/+3CaughtThinking: What does pirating Microsoft software have to do with it? Just because one person got this from a "crack" site, doesn't mean thats the only place its going to be... Or do legitimate versions of Microsoft software never get virii in your world?
- Krane, on 10/12/2007, -1/+4But it isn't the truth. Read F-Secure's blog ( http://www.f-secure.com/weblog/ ) to find out how it works and that they'll tell you users of Firefox and Opera DO NOT get infected just by visiting the website.
- schrodingercat, on 10/12/2007, -1/+4From the article:
"This really means two things:
1) There are probably other vulnerable functions in WMF files in addition to SetAbortProc
2) This bug seems to affect all versions of Windows, starting from Windows 3.0 - shipped in 1990!" - Luftwaffle, on 10/12/2007, -1/+3It's not a bug, it's an undocumented feature.
- inactive, on 10/12/2007, -0/+1undocumented feature? yeah ok.
http://winfx.msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/T_System_Drawing_Imaging_Metafile.asp
It's been around since the days of Windows 3.1 - Malakin, on 10/12/2007, -2/+3If you use Firefox or Opera you will not "automatically" get infected. Simple solution is don't use IE.
- trueshadow21, on 10/12/2007, -0/+1just to make this clear, in this exploit WMF means windows meta file, which is a type of thumbnail file that displays by using script, normaly it would not do anything harmful, but this one (among other smaller things) causes an error that starts a sort of second run that is trigered by an error, go to grc.com/sn to find a link to a program that will stop the second mode thing. and just to be clear on what this is, if you get it it can to about anything to your computer that does not require physical access. so this is some what a feature, but not really, mostly just for an error, so this link is not really telling the truth
- Yodacola, on 10/12/2007, -0/+0DUPE
http://digg.com/security/WMF_FAQ - JetTredmont, on 10/12/2007, -0/+0"in all frankness, nothing is an "exploit" until its used to do something bad with it."
Ummm, rtfa. There are several known exploits in the wild, which install everything from spyware to fake anti-spyware/anti-virus, to backdoors (essentially, opening your computer's "back door" to any one who wants to take it over).
These, quite definitely, qualify as exploits.
Note, also, that there is a third-party fix, but still no word from Microsoft on a patch. Sigh. Par for the course, though, I guess. - MyBotPiko, on 10/12/2007, -0/+0>Nice headline. But, when an image file can pwn your Windows box, that's a bug.
An accidental feature that can be exploited = bug
A feature put there on purpose by the designers/programmers like it is in this case = not a bug, just designers/programmers with no sense of security. - pluto41, on 10/12/2007, -1/+1Or if someone manage it to get it into a IM avatar (the extension doesn't have to be .wmf) then all online people on the list are *****. When then the trojan could change te victim(s) avatar then it would spead very very quick.
Dunno if this is possible i don't run Windows but Linux so i can't check. But i can imaging that most people dont fill in passwords but use rememberd passwords. A trojan could do something with that knowledge i suppose.
We haven't seen the last of this nasty feature i'm afraid. - paulchu, on 10/12/2007, -0/+0in all frankness, nothing is an "exploit" until its used to do something bad with it.
and for those of you using linux, WE DON'T CARE. I swear you guys are worse than Jehovah's Witnesses. - Ringo47, on 10/12/2007, -0/+0LOL
Nice headline. But, when an image file can pwn your Windows box, that's a bug.
and to trueshadow21:
"just to make this clear, in this exploit WMF means windows meta file, which is a type of thumbnail file that displays by using script,"
I like how you pretend to know what you're talking about. But WMF files are image files. Just like PNG or JPG. They're not necessarily thumbnails.
I believe the part of the exploit you're referring to is when Windows explorer generates thumbnails from images. That will render the .wmf file, and trigger the code (script) in it. Thus causing unspeakable harm to your computer, without your doing anything more than downloading a *.wmf file and using that stupid thumbnail preview option in explorer.
Next time get a clue before you act like you know what's going on. - Digisurfer, on 10/12/2007, -2/+2Everyone always makes such a big deal about Windows not being secure. Well, nothing is secure really. Security is an illusion folks, no matter the OS. It's like a house or a car. You lock all the doors and thus feel secure, but did you ever bother to notice all the glass windows? Human behaviour is funny that way, and will always be the weak point for any OS. I won't deny Windows is worse because of course it is. It's so widely used, how can it not be. For what it's worth, I've been a Windows user since 3.11 and have only ever gotten one virus in all this time, and in that case it was my fault for playing with fire. Curiosity and all that lol. As usual, this will eventually be patched and life will go on.
- egorgry, on 10/12/2007, -1/+1"If you use Firefox or Opera you will not "automatically" get infected. Simple solution is don't use IE."
Yes U DO. HA! Any browser will get you infected.
Quoted for truth. - scutter, on 10/12/2007, -0/+0I tested out MSN messenger to see if a WMF file renamed as .JPG would show up as an avatar. It did not work.
To the guy that suggested using Firefox would avoid the exploit: What about receiving a spam email via MS Outlook? The best protection right now is to use the 3rd-party patch. - Snay, on 10/12/2007, -0/+0Its not a bug, its a rather well documented feature. Heh,
I'm actually a little surprised something like this wasn't picked up on earlier.
Cant wait for bit torrent to hurry the heck up so I can get opensuse on my new laptop. - grayapple, on 10/12/2007, -0/+0I think you can disable Windows from reading WMF files from the file type options. Not sure, haven't been on the advance side of windows for about a year
- psychoaliendog, on 10/12/2007, -0/+0for information on a patch check out http://digg.com/security/WMF_Zero_Day_Exploit,_solution.
- grayapple, on 10/12/2007, -0/+0***** one for windows users then, I'd like to see Microsoft respond to that and tell use how they expect to sort it out, They do still support Windows 98 right?
- inactive, on 10/12/2007, -0/+0What does this 0-day exploit anyway ?
I mean, the F-Secure labs only says its a "0-day Exploit" but not what it does... What is it does ?
If you know it... - ubuntuist, on 10/12/2007, -0/+0To the one who asked, The GIMP can read WMFs!
- MoeB, on 10/12/2007, -2/+1"If you use Firefox or Opera you will not "automatically" get infected. Simple solution is don't use IE."
Yes U DO. HA! Any browser will get you infected. - inactive, on 10/12/2007, -2/+1Windows (doesn't matter which version): 20 years of engineering compromises all dressed up and ready to screw you yet again.
- CaughtThinking, on 10/12/2007, -2/+1In short, if you want to stop getting hit by every damn virus, STOP PIRATING MICROSOFT SOFTWARE.
- GarySwager, on 10/12/2007, -1/+0no, it does not. Your example illustrates that virus makers prefer to invest their efforts into making viruses for the dominant and most-used OS.
- Erroneus, on 10/12/2007, -1/+0gravyapple, yep but the wmf exploit can use gif and jpg files to... therefore using the unofficial patch is the best way to go.
IS not a bug, it's a feature... believe it or not :) - Deusiah, on 10/12/2007, -1/+0Digisurfer nothing is totally secure no but there are levels of defence and security and Windows certainly isn't on the top of the secure list. I run Linux and Windows (for games), I have never had a virus on Linux but had several on Windows and yes I secure Windows as best as I can. I'm not saying I'll never get a virus on Linux but surely it stands as an example as to which OS is most secure.
- chandler, on 10/12/2007, -1/+0Anybody know a website with the source code on it?
- hipsterelitist, on 10/12/2007, -1/+0yet it doesn't really explain too much about it.
- Dash-2, on 10/12/2007, -2/+1Dammit, I got this damn virus! From a crack site, It ran on its own, I didnt download anything. Not only did it disable Task Manager, but it ***** up system restore so it wouldnt work. Ittook me about 2 hours trying to get it all off. Thank god for Safe Mode! Glad there is some info on this!
- JimXugle, on 10/12/2007, -1/+0Hmm... *heads to windows update*
" To use this site, you must be running Microsoft Internet Explorer 5 or later."
ok... $ apt-get install iexplore
WTF?!!
oh... Linux.... riiiiiighttt.
[Homer]Woo-Hoo![/Homer] - xbmodder, on 10/12/2007, -1/+0GRR! Why can't Linux read WMFs? I hate these features, they don't work on open-source. BTW: This exploit can be used to own MySPACE!
- egorgry, on 10/12/2007, -2/+1"Dammit, I got this damn virus! From a crack site..."
They sell crack on the internet now?
I do feel for you but I'm always entertained by the irony of people getting infected/pwned by trying to get software illegally - Refusedb, on 10/12/2007, -1/+0This one hit my desktop (which my brother uses mostly)
but not my laptop =P
I gave up too quickly and just reinstalled windows (it needed it anyway),
How'd you get rid of it?
my friend got it too, since he doesn't have an external hd i'd like to know how you did it Dash-2 - CaughtThinking, on 10/12/2007, -2/+0my XP installation stopped several of these attempted hacks on its own, and even told me about it.
i wonder if people who are getting hit by viruses and such are people who use cracked versions...
yeah some stuff slips through here and there, but its on the order of every 6 months or so which is amazing considering how much i use the computer. also, when it happens its taken care of in the nightly run. i have every anti-spyware item enabled for live protection and i see no performance hit on any my software, audio/visual etc. - michnaugh1, on 10/12/2007, -3/+0Anyone else notice that msn seems to be down? I can't get on to messenger through Adium. Wonder if it has to do with this vulnerability.
- BlueStarr, on 10/12/2007, -3/+0ROTFLMAO@U
Enjoy your white finish, enjoy!
CUI - johnnyhay, on 10/12/2007, -3/+0People won't have to worry with their new "trusted computing" computers, that's coming out with windows vista. Hey, it may take away your freedom, and you won't be able to copy "copy righted" material anymore, but it's to protect you, the user, from the all the bad programs and code on the internet.
- panique, on 10/12/2007, -3/+0I guess it has not occurred to ANYONE at Microsoft to remove this feature since the began the "Year of Security", which was what? 3 years ago? Get a Mac. Windows is truly insecure beyond repair. At least OS X isn't a huge ***** of spaghetti code, thus enabling rapid response (as has been demonstrated already) to any security issues that arise.
- deadapostle, on 10/12/2007, -4/+1White married female featuring bugs seeks male same. Vulnerable males only, please.
- wilcohol, on 10/12/2007, -3/+0hi micnaugh. msn isn't down ~
- japanlover, on 10/12/2007, -3/+0Linux > OS X > others > Windows
- eastcoastweb, on 10/12/2007, -5/+0LOL!!!!!!! Your the sheep on Windows....
Glad I am on OS X now. I don't miss Windows one bit...
© Digg Inc. 2009
— Content created and posted by Digg users is