more on Huge virus threat rocks Microsoft

[David Farber <dave () farber net>]

Begin forwarded message:

From: Bob Frankston <Bob2-19-0501 () bobf frankston com>
Date: January 3, 2006 5:40:29 PM EST
To: dave () farber net, ip () v2 listbox com
Subject: RE: [IP] Huge virus threat rocks Microsoft

This is a serious problem -- worse if it affects embedded systems.

But I'm afraid to install the patch because I don't know exactly what it
does. I may do it anyway.

There are more detailed discussions as at
http://www.aota.net/forums/showthread.php?p=143062.

It emphasizes the need to deinstall the patch before installing  
Microsoft's
fix -- this may be problematic for those with automatic updating  
enabled.

I have no simple solution for these kinds of problems -- but it's not  
just
a computer problem. I'm still waiting for law enforcement  
organizations to
play a more visible role even if only as a deterrence.

Is the NSA too busy mining data to track down more immediately  
threats --
at least if the miscreants are in other countries which is highly  
likely.

-----Original Message-----
From: David Farber [mailto:dave () farber net]
Sent: Tuesday, January 03, 2006 16:40
To: ip () v2 listbox com
Subject: [IP] Huge virus threat rocks Microsoft



Begin forwarded message:

From: EEkid () aol com
Date: January 3, 2006 2:02:17 PM EST
To: dave () farber net
Subject: Huge virus threat rocks Microsoft

Mr. Farber,

This can't be a new discovery, I witnessed a virus infection from
simply visiting a web page well over a year ago.

Jerry

Huge virus threat rocks Microsoft
Report says a newly discovered flaw could expose hundreds of millions
of Windows PCs to virus.

January 3, 2006: 11:08 AM EST

NEW YORK (CNNMoney.com) - The new year is off to a rocky start at
Microsoft, where security experts are scrambling to confront a
potentially massive virus threat to Windows PCs.

According to a report Tuesday in the Financial Times, the latest
vulnerability involves a flaw which allows hackers to infect
computers using programs inserted into image files. The threat was
discovered last week. But it mushroomed over the weekend, when a
group of hackers published the source code they used to exploit the
flaw.

What makes this threat particularly vicious, according to the Times,
is that unwitting victims can infect their computers simply by
viewing a web page, e-mail, or instant message that includes a
contaminated image. That differs from most virus attacks, which
require a user to actually download an infected file.

"The potential [security threat] is huge," Mikko Hypponen, chief
research officer at F-Secure, an antivirus company, told the Times.
"It's probably bigger than for any other vulnerability we've seen.

"Any version of Windows is vulnerable right now," said Mr. Hypponen,
including every Windows system shipped since 1990.

Microsoft (Research) said in a security bulletin on its Web site, "we
are working closely with our antivirus partners and aiding law
enforcement in its investigation."


http://money.cnn.com/2006/01/03/technology/windows_virusthreat/
index.htm?cnn=yes


-------------------------------------
You are subscribed as BobIP () Bobf Frankston com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting- 
people/




-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/