Huge virus threat rocks Microsoft

Post #240,218 by jbrabeck 1/3/06 12:18:39 PM Reply	Huge virus threat rocks Microsoft Huge virus threat rocks Microsoft Report says a newly discovered flaw could expose hundreds of millions of Windows PCs to virus. January 3, 2006: 11:08 AM EST NEW YORK (CNNMoney.com) - The new year is off to a rocky start at Microsoft, where security experts are scrambling to confront a potentially massive virus threat to Windows PCs. According to a report Tuesday in the Financial Times, the latest vulnerability involves a flaw which allows hackers to infect computers using programs inserted into image files. The threat was discovered last week. But it mushroomed over the weekend, when a group of hackers published the source code they used to exploit the flaw. What makes this threat particularly vicious, according to the Times, is that unwitting victims can infect their computers simply by viewing a web page, e-mail, or instant message that includes a contaminated image. That differs from most virus attacks, which require a user to actually download an infected file. "The potential [security threat] is huge," Mikko Hypponen, chief research officer at F-Secure, an antivirus company, told the Times. "It's probably bigger than for any other vulnerability we've seen. "Any version of Windows is vulnerable right now," said Mr. Hypponen, including every Windows system shipped since 1990. From [link\|http://money.cnn.com/2006/01/03/technology/windows_virusthreat/index.htm?cnn=yes\|CNN] A good friend will come and bail you out of jail ... but, a true friend will be sitting next to you saying, "Damn...that was fun!"
Post #240,378 by n3jja 1/4/06 5:34:52 PM Reply	yawn /me looks up from his OS/2 machine and says, "What was that noise?" /me goes back to sleep.
Post #240,395 by altmann 1/4/06 8:08:46 PM Reply	Are you sure? What about Win-OS/2? -- Chris Altmann
Post #240,396 by jake123 1/4/06 8:19:45 PM Reply	That would largely depend on the payload If it's written to win32s, then maybe. Otherwise, almost certainly not. So, potentially one could deliver the payload, and get the system to try to execute it, only to find that the payload is not compatible with the system executing it. It'd be kind of interesting... load a page to get a win32s error, or more probably, a straightforward error saying that the program is not an os/2 compatible program. Now, if the payload was os/2 code, that would be possibly different, but how many of these people are going to know the right parameters to pass to DosExecPgm to tell it to start in an OS/2 session instead of a Win16 session? Hell, how many of them know about DosExecPgm or DosStartSession to begin with? Note: pulling the api calls out of the recesses... could be wrong a bit about the name. I'll look it up after I get off work and edit if necessary... --\n-------------------------------------------------------------------\n* Jack Troughton jake at consultron.ca \n [link\|http://consultron.ca\|http://consultron.ca] [link\|irc://irc.ecomstation.ca\|irc://irc.ecomstation.ca] \n Kingston Ontario Canada [link\|news://news.consultron.ca\|news://news.consultron.ca] *\n-------------------------------------------------------------------
Post #240,405 by n3jja 1/4/06 11:57:55 PM Reply	I've heard that's on here somewhere. Never use it.
Post #240,425 by Andrew Grygus 1/5/06 1:33:30 AM Reply	Win-OS/2 ??????? Hell, the last time I used that is so long ago I'd forgotten it even existed. I'll be shuffling a couple office machines soon and I'll make sure Win-OS/2 is purged (DOS support, on the other hand, is VERY important). [link\|http://www.aaxnet.com\|AAx]

Welcome to IWETHEY!