Warning: Images can give you a virus (temp fix released)

This is a general warning for those of you who don't keep up on this sort of thing.

SomethingAwful Forums said:

WHAT IS IT? There is a new exploit out that uses WMF (windows metafile format) files to infect a computer. All you have to do to get infected is view a webpage that has the image on it, or access an infected image that is on your computer. That means the forums can be a vector for infection too. WHO IS VULNERABLE? The exploit affects Firefox, Internet Explorer, and any other browser that displayes or downloads the file into the cache on the local machine. The file could also be a WMF renamed to any other image type, or possible other filetypes. Anything that puts the image exploit onto your computer or opens it up in windows fax viewer or the part of windows that generates thumbnails of WMF files is a vulnerability. This means any vector that puts the image onto your computer (wget, browser, email, IM, etc) can potentially cause the problem. This affects anyone on Windows (98, 98SE, ME, 2000, XP, 2003). USING FIREFOX DOES NOT ELIMINATE THE RISK as the file is still downloaded to your cache in most cases, but it does reduce your chances somewhat since the image is often not displayed in the browser. But if you then interact with the file in any way (thumbnail it, Google Desktop, hover over with the mouse) that causes it to be handled by the windows subsystem responsible for WMF then you will have problems. Once again, YOU CAN BE CAUGHT BY THIS EXPLOIT EVEN IF THE IMAGE DOES NOT SHOW IN THE BROWSER. If you use Windows, your system is vulnerable. WHAT DOES IT DO? The exploit can be used to drop viruses, trojans, installers etc onto your computer when the exploit is activated (when the file is parsed by the part of windows with the problem). It does not do anything by itself until it is activated. There have been several reports of trojans being downloaded, which then download other things, other spyware, etc. Some of these are "SpyAxe", "AYL" trojan downloader, "ASC" trojan, and other stuff.

http://forums.somethingawful.com/sho...0&pagenumber=1

phew i guess opera is safe

"Any application that automatically displays a WMF image will cause the user’s machines to get infected. This includes older versions of Firefox, current versions of Opera, Outlook and all current version of Internet Explorer on all versions of Windows."

Linux is immune, of course.

Mantralord said:

phew i guess opera is safe

I use opera, but it still keeps a cache unless you set it at 0mb

Is there anyway Microsoft can make an update that blocks this?

Yeah, how can I make this not happen to me?

Aside from some annoying .dll edits that could help temporarily? Wait for a patch and avoid questionable sites.

Don't worry, nobody here is clever enough to pull it off.

I beg to differ.

You bitch! I just had to reinstall win

::edit::

Damnit! I had to do it ag

::edit::

OMFG STOP FUCKING UP MY WINDOWS INSTALL, VIRUS!!1

Better not go to imageshack.com!

Get it! Image Shack! Images Hack! z0mg!

I remember reading something about this in a book, and how it was like the "be-all end-all" of viruses. And now it's happening. Creepy.

The end-all of viruses is Ice-9.

Except that a virus can't work that way. In order to be classified as a virus, it has to be capable of self-propogation. This is a method usable for a trojan, which could in turn launch a virus.

Why the fuck does every exploit involving Windows "give the offender complete control of your PC?"

Because M$oft = Satan?

JRwakebord said:

Because M$oft = Satan?

Bill Gates=Satan
M$soft= Worse than the US Gov =\

Here's a temporary fix until the official patch is released.

http://www.hexblog.com/index.html

The fix should not interfere with the patch Microsoft eventually releases and can be removed afterwards.

You must admit, it's all pretty clever. I wonder who thought it all up, putting trojans and whatever in WMF files?