
This is the static archive of the Massassi Forums. The forums are closed indefinitely. Thanks for all the memories!

Holy ****ing crap. Read this topic NOW
2005-12-29, 1:19 PM #1
*snip* (look at MB's post) (MB stands for Mega Babykiller. It's true.)


I just turned images off. Christ that's scary.
D E A T H
2005-12-29, 1:22 PM #2
This has been known for a while.. turning off images seems a bit drastic
"If you watch television news, you will know less about the world than if you just drink gin straight out of the bottle."
--Garrison Keillor
2005-12-29, 1:53 PM #3
This is a new exploit. It hasn't been "known for a while". Microsoft released a patch for a similar issue recently.

There is no surefire way to defeat it apart from uninstalling Windows. It affects everything going back to Windows 95. Repent, sinners, for your time of reckoning is at hand.

Edit to include slightly more helpful information: If you have a new processor (Nocona-core Pentium or any Athlon 64) this virus won't affect you. It might make Explorer crash but your system won't be compromised. The new processors include special hardware that disables the execution of code in the event of a buffer overflow.
2005-12-29, 2:11 PM #4
So people on this forum can upload images that use this exploit?
SnailIracing:n(500tpostshpereline)pants
-----------------------------@%
2005-12-29, 2:13 PM #5
Originally posted by Jon`C:
This is a new exploit. It hasn't been "known for a while". Microsoft released a patch for a similar issue recently.

There is no surefire way to defeat it apart from uninstalling Windows. It affects everything going back to Windows 95. Repent, sinners, for your time of reckoning is at hand.

Edit to include slightly more helpful information: If you have a new processor (Nocona-core Pentium or any Athlon 64) this virus won't affect you. It might make Explorer crash but your system won't be compromised. The new processors include special hardware that disables the execution of code in the event of a buffer overflow.



Woohoo! Score one for AMD64! :D
2005-12-29, 2:13 PM #6
Okay okay, so since there was a whole big debacle about a video site before, I'm going to copy the post with all the proper links and get rid of the SA link. Gimme a few
[01:52] <~Nikumubeki> Because it's MBEGGAR BEGS LIKE A BEGONI.
2005-12-29, 2:15 PM #7
Originally posted by Echoman:
So people on this forum can upload images that use this exploit?
At the risk of giving people bad ideas? Yes.

A member of the Something Awful Forums actually placed this exploit in his signature, infecting a number of other visitors.
2005-12-29, 2:15 PM #8
WHAT IS IT?
There is a new exploit out that uses WMF (windows metafile format) files to infect a computer. All you have to do to get infected is view a webpage that has the image on it, or access an infected image that is on your computer. That means the forums can be a vector for infection too. (In fact, user Blue Reptile has already been permabanned for putting the exploit in his signature.)


WHO IS VULNERABLE?
The exploit affects Firefox, Internet Explorer, and any other browser that displays or downloads the file into the cache on the local machine. The file could also be a WMF renamed to any other image type, or possibly other filetypes. Anything that puts the image exploit onto your computer or opens it up in windows fax viewer or the part of windows that generates thumbnails of WMF files is a vulnerability. This means any vector that puts the image onto your computer (wget, browser, email, IM, etc) can potentially cause the problem.

This affects anyone on Windows (98, 98SE, ME, 2000, XP, 2003). USING FIREFOX DOES NOT ELIMINATE THE RISK as the file is still downloaded to your cache in most cases, but it does reduce your chances somewhat since the image is often not displayed in the browser. But if you then interact with the file in any way (thumbnail it, Google Desktop, hover over with the mouse) that causes it to be handled by the windows subsystem responsible for WMF then you will have problems. Once again, YOU CAN BE CAUGHT BY THIS EXPLOIT EVEN IF THE IMAGE DOES NOT SHOW IN THE BROWSER. If you use Windows, your system is vulnerable.




WHAT DOES IT DO?
The exploit can be used to drop viruses, trojans, installers etc onto your computer when the exploit is activated (when the file is parsed by the part of windows with the problem). It does not do anything by itself until it is activated. There have been several reports of trojans being downloaded, which then download other things, other spyware, etc. Some of these are "SpyAxe", "AYL" trojan downloader, "ASC" trojan, and other stuff. Here's a video of what this version is doing: http://www.websensesecuritylabs.com...s/wmf-movie.wmv (thanks Merijin).



For further technical information please see the SH/SC thread - http://forums.somethingawful.com/sh...hreadid=1759573




WHAT YOU CAN DO TO HELP PROTECT YOURSELF
1. SCAN YOUR COMPUTER - NOD32 TRIAL VERSION (http://www.eset.com/download/trial.htm) is a good one. Update the definitions right away after installing - they auto-update but you want to be sure you have the latest. (Your goal is to have an antivirus software with a realtime scanner that detects the exploit itself, and not just the payload that it drops. NOD32 does this, at least for this variant.)
Even if you think you are safe, scan your Windows computer anyway. ClamWin appears to catch this, but it doesn't have a realtime scanner. SAV Corporate 10.2 does not catch it outright (the bloodhound heuristics may) but Symantec's own site says that it possibly may never work fully for this due to something about how the virus works. AVG, McAfee, Trend are unknowns at this point. I have personally tested NOD32 and found that its AMON on-access scanner stopped the image as soon as it was saved to the cache, before it was able to execute anything. NOTE: SCAN ALL FILES. Some AV solutions only scan "infectable" files and do not scan image files because the program thinks they are safe. Check for an option to scan all file types and make sure that is enabled.
UPDATE: Most AV companies should have definitions updated by now, but check to be sure that they protect against the actual exploit itself, not just against whatever trojan the exploit drops on the computer.

2. USE AN ALTERNATIVE BROWSER - Using Firefox or an alternative browser will reduce your risk because it does not display the image. However the image is still downloaded to your cache, and some browsers prompt you to open the file - which you should not do!

3. TURN OFF SALR's feature that makes text links into images. If you have that feature turned on, someone could make just a text link that displays the infected image in your browser.

4. TURN OFF GOOGLE DESKTOP or anything else that does indexing of files on your computer.

5. USE COMMON SENSE - Don't go to links you don't trust, don't open files you aren't expecting, including suspicious email or IM's, etc.

6. KEEP ON TOP OF WINDOWS UPDATES - Hopefully they can fix this one quickly, but you really should be up-to-date on everything else anyway.

7. AVOID IMAGE SEARCHING and visiting webpages you don't trust. Some of the places this image has been popping up are: eBay XBOX auctions, porn sites, google image search, wikipedia, myspace, other forums, etc - places where people can post their own images. If you have a competent realtime scanner that can catch the image before it executes anything you are ahead of the game here.


BONUS TECHY STUFF
8. You can try unhooking the part of Windows that views those image files. To do this, click Start -> Run and type regsvr32 /u shimgvw.dll then press OK. You will get a confirmation message. To undo this, repeat but type regsvr32 shimgvw.dll instead. Note: This only has a minimal benefit - it only disables the image viewer itself. It doesn't prevent against viewing the exploit image in Internet Explorer, for example. Messing around with this is at your own risk.

9. Forum user R1CH, the Ron Jeremy of Coding, has come up with a patched file that can reportedly help eliminate the problem. The instructions are on page 3 of this thread (pages 7/8 of the SHSC thread). This is also at your own risk since it's not an official Microsoft patch. If you install this update from R1CH there is a chance that Windows Update will detect it and show you that an update is available - that update it shows you is for a previous vulnerability and will actually roll back your system to the pre-R1CH broken dll file from November 2005.



BOTTOM LINE: If you use Windows, you will not be 100% safe from this exploit until the problem in windows is patched - there is no official patch yet.





This text was taken from the SA forum post.
Attachment: 9549/reptile34nr.png (15,822 bytes)
[01:52] <~Nikumubeki> Because it's MBEGGAR BEGS LIKE A BEGONI.
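Added example (not part of the original posts or the quoted SA text): the quoted advisory says a WMF can be renamed to any other image type and that scanners should check all files, so this Python example identifies WMF content by its header rather than its extension. The header field values come from the published WMF file format, not from this thread; the function names and sample bytes are constructed for illustration, and a match only means the file is a metafile, not that it is malicious.

```python
import struct
from pathlib import Path

PLACEABLE_KEY = 0x9AC6CDD7               # magic of the optional 22-byte "placeable" header
META_HEADER = struct.Struct("<HHHIHIH")  # 18-byte standard WMF header

def valid_meta_header(buf, off):
    """True if an 18-byte WMF header with plausible field values starts at off."""
    if len(buf) < off + META_HEADER.size:
        return False
    ftype, hdr_words, version, size_words, _, _, _ = META_HEADER.unpack_from(buf, off)
    return (ftype in (1, 2)                   # memory or disk metafile
            and hdr_words == 9                # header length in 16-bit words
            and version in (0x0100, 0x0300)
            and size_words >= 12)             # header plus at least an end-of-file record

def sniff_wmf(buf):
    """Return 'placeable', 'standard' or None, judging by content only."""
    if len(buf) >= 22 and struct.unpack_from("<I", buf)[0] == PLACEABLE_KEY:
        return "placeable" if valid_meta_header(buf, 22) else None
    return "standard" if valid_meta_header(buf, 0) else None

def classify(name, buf):
    """Compare what the file is with what its name claims it is."""
    if sniff_wmf(buf) is None:
        return "not-wmf"
    return "wmf" if Path(name).suffix.lower() == ".wmf" else "disguised-wmf"

def scan_tree(root):
    """Yield (path, verdict) for every file with WMF content under root,
    for example a browser cache or download folder."""
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        try:
            with p.open("rb") as fh:
                head = fh.read(40)            # both headers fit in 40 bytes
        except OSError:
            continue                          # unreadable file: skip, keep scanning
        verdict = classify(p.name, head)
        if verdict != "not-wmf":
            yield p, verdict

def make_sample(placeable):
    """Constructed, harmless sample: header(s) plus a lone end-of-file record."""
    body = META_HEADER.pack(1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
    if not placeable:
        return body
    head = struct.pack("<IHhhhhHI", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0)
    checksum = 0
    for (word,) in struct.iter_unpack("<H", head):
        checksum ^= word                      # XOR of the first ten 16-bit words
    return head + struct.pack("<H", checksum) + body

if __name__ == "__main__":
    samples = {                               # constructed file names and contents
        "signature.jpg": make_sample(True),
        "diagram.wmf": make_sample(False),
        "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF" + b"\x00" * 30,
    }
    for name, data in samples.items():
        print(f"{name}: {classify(name, data)}")
```

A standard header has no magic number, so the field checks keep false positives down but cannot rule them out; treat "disguised-wmf" as a reason to hand the file to a scanner, not as a verdict.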
2005-12-29, 2:28 PM #9
Scary...
If you choose not to decide, you still have made a choice.

Lassev: I guess there was something captivating in savagery, because I liked it.
2005-12-29, 2:40 PM #10
So wouldn't clearing the cache get rid of the infected file and then you wouldn't have to worry about it, or does the file spread itself elsewhere?
2005-12-29, 3:29 PM #11
Originally posted by Jon`C:
Edit to include slightly more helpful information: If you have a new processor (Nocona-core Pentium or any Athlon 64) this virus won't affect you. It might make Explorer crash but your system won't be compromised. The new processors include special hardware that disables the execution of code in the event of a buffer overflow.



And suddenly, I am happy again.
2005-12-29, 3:32 PM #12
If the file hasn't been activated yet then I'd suggest using the scanner they offer up. I wouldn't suggest manually clearing the file as it could activate it.
D E A T H
2005-12-29, 3:56 PM #13
Another solution not mentioned: Use a non-suck operating system.
2005-12-29, 4:02 PM #14
Originally posted by Cool Matty:
Another solution not mentioned: Use a non-suck operating system.

It has nothing to do with a "suck operating system", so stop coming in here and trying to push your stupid 'lol windowsux' diatribe.
D E A T H
2005-12-29, 4:11 PM #15
Originally posted by Cool Matty:
Another solution not mentioned: Use a non-suck operating system.

what about the people who simply can not be ****ed with learning how to use a brand new operating system? linux looks far too fiddly for me. i'm just disabling images for now.
2005-12-29, 4:32 PM #16
Originally posted by Cool Matty:
Another solution not mentioned: Use a non-suck operating system.
I like to do this thing called "use programs."

"LOLZ My OS never crashes. Oh but you can't use it because you know... sometimes people have to use specific programs for specific things... and if that other OS is so great, companies would probably make versions of the various editing softwares you use... but they... you know... don't really make any... so you can't do your work or anything... but it NEVER crashes."

I think that's what you meant to say.
>>untie shoes
2005-12-29, 4:32 PM #17
Originally posted by Cool Matty:
Another solution not mentioned: Use a non-suck operating system.
No. No. No. We won't go down this path.
Code to the left of him, code to the right of him, code in front of him compil'd and thundered. Programm'd at with shot and $SHELL. Boldly he typed and well. Into the jaws of C. Into the mouth of PERL. Debug'd the 0x258.
2005-12-29, 4:34 PM #18
Yes, JG prefers the darkside.
2005-12-29, 4:52 PM #19
I really hate to hop on the short bus here, but have any of you used Linux recently? Ubuntu and Kubuntu are right up there with OSX and Windows. In terms of raw ease-of-use, UI design guidelines, application availability, reliability and security, I'd be willing to bet that the average user would be much happier with an install of Kubuntu than an install of Windows.

In my opinion the largest barrier to adoption is the odd naming scheme (Konqueror versus Internet Explorer; Kaffeine instead of Windows Media Player; GAIM or Kopete instead of AOL Instant Messenger/MSN Messenger). The default menu names in Ubuntu help out a lot but it's still not quite enough.

It's not the right tool for every job but it's not anywhere near as bad as most people think. Don't knock it until you've tried it. Kubuntu is easier to pick up than you can possibly imagine.
2005-12-29, 4:56 PM #20
It's also got a lot to do with the licenses of several very expensive pieces of software... some of which are not available for linux. I need a lot of stuff for video editing.
>>untie shoes
2005-12-29, 4:56 PM #21
Originally posted by Jon`C:
I really hate to hop on the short bus here, but have any of you used Linux recently? Ubuntu and Kubuntu are right up there with OSX and Windows. In terms of raw ease-of-use, UI design guidelines, application availability, reliability and security, I'd be willing to bet that the average user would be much happier with an install of Kubuntu than an install of Windows.

In my opinion the largest barrier to adoption is the odd naming scheme (Konqueror versus Internet Explorer; Kaffeine instead of Windows Media Player; GAIM or Kopete instead of AOL Instant Messenger/MSN Messenger). The default menu names in Ubuntu help out a lot but it's still not quite enough.

It's not the right tool for every job but it's not anywhere near as bad as most people think. Don't knock it until you've tried it. Kubuntu is easier to pick up than you can possibly imagine.


You see, I like playing games though. As do most users here. And I don't care how easy you say it is to play them in Linux, I know better. And they will if they try using it.

Otherwise, I would use *nix, just because I like the system.
D E A T H
2005-12-29, 4:56 PM #22
but what if all i do is play games and listen to mp3s... on a computer i can't even be bothered to format... with loads and loads of hardware drivers missing or cds broken?
2005-12-29, 5:02 PM #23
Spe's got the idea of how computing is supposed to be done.
>>untie shoes
2005-12-29, 5:02 PM #24
Originally posted by Dj Yoshi:
And I don't care how easy you say it is to play them in Linux, I know better.
I say it's a pretty tough situation. I guess that means you think it is easy.

Linux is getting better for gaming, mostly due to the contributions of Id and Epic. As far as game installation and patching goes, both Debian-based (Ubuntu) and Gentoo *crush* Windows, since the OS itself automatically pulls down the latest patches for you when you install the software.

People here may play games, but the 'average' user doesn't. I mean, apart from Solitaire. And as I drift more toward console gaming I'm finding myself increasingly satisfied by whatever is available on the platform. Maybe other people would agree?
2005-12-29, 5:04 PM #25
WE'RE ALL GONNA DIIIEEE!!!! :eek: :eek:
Code:
if(getThingFlags(source) & 0x8){
  do her}
elseif(getThingFlags(source) & 0x4){
  do other babe}
else{
  do a dude}
2005-12-29, 5:34 PM #26
Originally posted by Bill:
Spe's got the idea of how computing is supposed to be done.


damn straight, no technobabble coming from me.
2005-12-29, 5:48 PM #27
Originally posted by Mr. Stafford:
but what if all i do is play games and listen to mp3s... on a computer i can't even be bothered to format... with loads and loads of hardware drivers missing or cds broken?

Plop Knoppix into your CD rom drive, reboot the PC, and have at it.
2005-12-29, 5:51 PM #28
BUT LINUX DOESN'T HAVE CLIPPY!!!! I SHALL NEVER ABANDON YOU, CLIPPY!!! NEEEEEEVVVEEEERRRRRR

Originally posted by Cool Matty:
Another solution not mentioned: Use a non-suck operating system.

Or I guess you could just let people do what is efficient FOR THEM without your constant arguing that Windows sucks. While that may be true (although not proven), if it's efficient for a person, it's efficient for them.
"His Will Was Set, And Only Death Would Break It"

"None knows what the new day shall bring him"
2005-12-29, 5:56 PM #29
Originally posted by mscbuck:
BUT LINUX DOESN'T HAVE CLIPPY!!!! I SHALL NEVER ABANDON YOU, CLIPPY!!! NEEEEEEVVVEEEERRRRRR



Or I guess you could just let people do what is efficient FOR THEM without your constant arguing that Windows sucks. While that may be true (although not proven), if it's efficient for a person, it's efficient for them.



How efficient does it become when you lose all your files because of a virus? Not so efficient anymore.
2005-12-29, 5:57 PM #30
Originally posted by Dj Yoshi:
Christ that's scary.

JESUS ****ING CHRIST
2005-12-29, 6:05 PM #31
Originally posted by Cool Matty:
How efficient does it become when you lose all your files because of a virus? Not so efficient anymore.

And how efficient is it for a novice to dual-boot or perhaps even format their Windows partition to install Linux, and convert all of his or her data to be used on the Linux OS? Not to mention to get some basic understanding of what is going on in Linux? You people say that "Oh man, Kubuntu and such are so easy to use now, anyone could use them". You GREATLY underestimate people's "smarts" with computers. People who are smart enough to install Linux and use it correctly are smart enough to avoid viruses.
"His Will Was Set, And Only Death Would Break It"

"None knows what the new day shall bring him"
2005-12-29, 6:06 PM #32
Originally posted by Cool Matty:
How efficient does it become when you lose all your files because of a virus? Not so efficient anymore.


Actually, that wouldn't make it any less efficient. It just makes it frustrating and angering.
一个大西瓜
2005-12-29, 6:07 PM #33
Originally posted by mscbuck:
And how efficient is it for a novice to dual-boot or perhaps even format their Windows partition to install Linux, and convert all of his or her data to be used on the Linux OS? Not to mention to get some basic understanding of what is going on in Linux? You people say that "Oh man, Kubuntu and such are so easy to use now, anyone could use them". You GREATLY underestimate people's "smarts" with computers. People who are smart enough to install Linux and use it correctly are smart enough to avoid viruses.



How many people can install Windows? I guarantee you the vast majority of people who run windows have no clue how to install it.
2005-12-29, 6:08 PM #34
I hate myself now. This is the fifth time in as many days that I've found myself totally agreeing with something Jon`C said. :(
And when the moment is right, I'm gonna fly a kite.
2005-12-29, 6:17 PM #35
Originally posted by Ruthven:
WE'RE ALL GONNA DIIIEEE!!!! :eek: :eek:


No more Asian porn for you.
SnailIracing:n(500tpostshpereline)pants
-----------------------------@%
2005-12-29, 6:18 PM #36
Originally posted by mscbuck:
...People who are smart enough to install Linux and use it correctly are smart enough to avoid viruses.

That's not necessarily true. It doesn't matter how "smart" you are, the next major win32 vulnerability will still be exploited before it gets announced, and you will still get slammed with the next major virus.
And when the moment is right, I'm gonna fly a kite.
2005-12-29, 6:19 PM #37
Originally posted by Cool Matty:
How many people can install Windows? I guarantee you the vast majority of people who run windows have no clue how to install it.

So what gives them the smarts to install Linux?? You're proving my point that people's competency with computers is greatly overestimated. My point is that if people are content with what they have, that you shouldn't force them into unknown territory if it isn't necessary. A time will come for them to make that choice.
"His Will Was Set, And Only Death Would Break It"

"None knows what the new day shall bring him"
2005-12-29, 6:56 PM #38
Originally posted by mscbuck:
So what gives them the smarts to install Linux?? You're proving my point that people's competency with computers is greatly overestimated. My point is that if people are content with what they have, that you shouldn't force them into unknown territory if it isn't necessary. A time will come for them to make that choice.



Most people AREN'T content with what they have, they just don't know any better.

And just because it is hard to install, does NOT eliminate it as a perfectly acceptable solution to the problem at hand.
2005-12-29, 7:09 PM #39
i think you're assuming most people give a rats *** as much as you do.

I'd move to linux, if it benefitted me and if i could be bothered... but it doesn't and i can't.

I know a crapload of people who simply do not have the time and can't be bothered with the effort of switching to linux, simply because it's so much less hassle to keep using what they have.

Not everyone is interested in a perfect machine that runs without crashing 24 hours a day.
2005-12-29, 8:01 PM #40
Originally posted by gbk:
That's not necessarily true. It doesn't matter how "smart" you are, the next major win32 vulnerability will still be exploited before it gets announced, and you will still get slammed with the next major virus.

Not really. I've never gotten slammed by a virus as an effect of a "new win32 exploit". I've only gotten slammed when I've done something risky that I know might end up infecting me with a virus (usually right before I'm planning on formatting anyways).
D E A T H