Softpanorama

May the source be with you, but remember the KISS principle ;-)

Softpanorama Malware Protection Bulletin, 2006


Old News ;-)

[Nov 1, 2006] Business and Financial News - New York Times -- The virus of greed infected McAfee

A former executive of McAfee agreed to pay about $757,000 to settle charges that he played a role in the company's $622 million accounting fraud.

[Oct 21, 2006] Panda Antivirus 2007 only 9.99

I think that even $9.99 is too much, but still it is at least a reasonable price for this kind of software :-)

[Oct 20, 2006] Internet Explorer 7 optimized for Yahoo! Get the IE7 download.

IE7 has shipped. The software can run on Windows XP Service Pack 2, XP 64-bit Edition and Windows Server 2003 Service Pack 1, according to Yahoo's Web site.
Especially valuable are the countermeasures against phishing sites. IE7 includes powerful but mostly invisible changes to how IE handles URLs and scripts. It also gives the user the ability to control IE add-ons. Microsoft also made significant changes to the defaults of the "Internet" and "Trusted Sites" zones to provide defense in depth against the most dangerous IE attack vectors. The Internet zone, where most users browse, was tightened with two very notable changes: it will run in Protected Mode on Windows Vista and has the "ActiveX Opt-In" feature on old versions of Windows. This will definitely also help to reduce spyware attacks in the Internet zone. Also useful are the ability to scale fonts on any page (for long-sighted people that provides the ability to view pages without glasses), a newer version of the JavaScript engine and better compatibility with the W3C standards.
As you can see, Yahoo immediately put it up for download, as they used to have problems with IE6 on their popular Finance site :-)

October 19, 2006 (IDG News Service) -- Yahoo Inc. put a customized version of Internet Explorer 7 on its Web site for downloading on Wednesday, before Microsoft Corp.'s own release of the browser.

The download page for the specialized final version of IE7 appeared during the afternoon on Wednesday, U.S. Pacific time. Microsoft, in Redmond, Wash., had given Oct. 18 as a tentative release date for the product but had not made the software available itself before Yahoo did.

Yahoo's version of IE7 includes the Yahoo toolbar and uses Yahoo's search tool as a default. It also features two home pages, Yahoo and Yahoo News, according to the company's Web site. It can be downloaded here.

[Oct 20, 2006] Slashdot Vista Security Discussions Get a Rocky Start

Protection Against Malware

Malware, short for malicious software, refers to software applications designed to damage or disrupt a user's system. The proliferation of malware and its impact on security is a driving force behind the design of Internet Explorer 7. The new version has been improved to reduce the potential for hackers to compromise a user's browser or system. In addition, Internet Explorer 7 includes several technical features designed to thwart hackers' efforts to lead users into giving away personal data when they should not. Core parts of the browser's architecture also have been fortified to better defend against exploitation and improve the way the browser handles data.

URL Handling Protections

Historically, attackers have taken advantage of internal code design issues within the Web browser to attack a system. A hacker would rely on a user clicking on an HTML link referencing some type of malformed URL that contains odd or excessive characters. In the process of parsing the URL, the system's buffer would overflow and execute some code the hacker wanted to install. Given the size of Web browser application code, the most efficient solution to fixing these types of attacks was to issue updates as each was discovered and the root cause identified. Yet even with only a handful of such updates required, the more optimal solution was to rewrite the baseline application code. Internet Explorer 7 benefits from these experiences and the analysis of attack signatures. Rewriting certain sections of the code has drastically reduced the internal attack surface of Internet Explorer 7 by defining a single function to process URL data. This new data handler ensures higher reliability while providing greater features and flexibility to address the changing nature of the Internet as well as the globalization of URLs, international character sets and domain names.

ActiveX Opt-In

Internet Explorer offers Web developers the ActiveX® platform as a mechanism to greatly extend browser capabilities and enhance online experiences. Some malicious developers have co-opted the platform to write harmful applications that steal information and damage user systems. Many of these attacks were made against ActiveX Controls shipped within the Windows operating system, even though the controls were never intended to be used by Internet-facing applications. Internet Explorer 7 offers users a powerful new security mechanism for the ActiveX platform. ActiveX Opt-In automatically disables entire classes of controls - all controls the user has not previously enabled - which greatly reduces the attack surface. This new feature mitigates the potential misuse of preinstalled controls. Users will now be prompted by the Information Bar before a previously installed but as-yet unused ActiveX Control can be accessed. This notification mechanism will enable users to permit or deny access when viewing unfamiliar Web sites. For Web sites that attempt automated attacks, ActiveX Opt-In protects users by preventing unwanted access and giving the user total control. If the user opts to permit loading an ActiveX Control, the appropriate control is easily enabled by clicking in the Information Bar.

Protection Against Cross-Domain Scripting Attacks

Cross-domain scripting attacks involve a script from one Internet domain manipulating content from another domain. For example, a user might visit a malicious page that opens a new window containing a legitimate page (such as a banking Web site) and prompts the user to enter account information, which is then extracted by the hacker. Internet Explorer 7 has been improved to help deter this malicious behavior by appending the domain name from which each script originates and limiting that script's ability to interact only with windows and content from that same domain. These cross-domain script barriers will help ensure that user information remains in the hands of only those the user intentionally provides it to. This new control will further protect against malware by limiting the potential for a malicious Web site to manipulate flaws in other Web sites and initiate the download of some undesired content to a user's PC.

Protected Mode

Available only to users running Internet Explorer 7 in Windows Vista, Internet Explorer Protected Mode will provide new levels of security and data protection for Windows users. Designed to defend against "elevation of privilege" attacks, Protected Mode provides the safety of a robust Internet browsing experience while helping prevent hackers from taking over the browser and executing code through the use of administrator rights.

In Protected Mode, Internet Explorer 7 in Windows Vista is completely unable to modify user or system files and settings. All communications occur via a broker process that mediates between the Internet Explorer browser and the operating system. The broker process is initiated only when the user clicks on the Internet Explorer menus and screens. The highly restrictive broker process prohibits work-arounds from bypassing the Protected Mode. Any scripted actions or automatic processes will be prevented from downloading data or affecting the system. Specifically, Component Object Model (COM) objects will only be self-aware and will have no reference information by which to identify and attack other applications or the operating system.

Internet Explorer Protected Mode helps protect users from malicious downloads by restricting the ability to write to any local machine zone resources other than temporary Internet files. Attempting to write to the Windows Registry or other locations will require the broker process to provide the necessary elevated permissions. Internet Explorer Protected Mode also offers tabbed browsing security protection by opening new windows - rather than new tabs - for content contained outside the current security zone.

Fix My Settings

Knowing that most users are likely to install and operate applications using the default configuration, Internet Explorer 7 ships with security settings designed to provide the maximum level of usability while maintaining controlled security. There are legitimate reasons why a custom application may require a user to lower security settings from a default, but it is critical the user reverse those changes when they are no longer needed. Internet Explorer 7 introduces users to the new Fix My Settings feature to keep users protected from browsing with unsafe settings. This new feature in Internet Explorer 7 warns users with an Information Bar when current security settings may put them at risk. When a user makes changes in the security settings window, they will see settings automatically highlight in red if they modify certain critical items. In addition to dialog alerts warning the user about unsafe settings, the user will be reminded by the Information Bar as long as the settings remain unsafe. Users can instantly reset the security settings to the 'Medium-High' default level by clicking the 'Fix My Settings' option in the Information Bar.

Advanced Protection Against Spyware With Windows Defender

Microsoft Windows Defender enhances security and privacy protections when used with Internet Explorer 7. Extending the protections against malware at the browser level, Windows Defender helps prevent malware entering the machine via piggy-back download, a common mechanism by which spyware is distributed and installed silently along with other applications.

Although the improvements in Internet Explorer 7 cannot stop non-browser-based spyware from infecting the machine, using it with Windows Defender will provide a solid defense on several levels. Windows Defender is available in a beta release now for Windows XP SP2 and will also be in Windows Vista.

Personal Data Safeguards

Most users are unaware of how much personal, traceable data is transmitted with every click of the mouse while they are browsing the Web. The extent of this information continues to grow as browser developers and Web site operators evolve their technologies to enable more powerful and convenient user features. Similarly, most online users are likely to have trouble discerning a valid Web site from a bogus copy.

The extent to which convenience and discount pricing are available online gives users an attractive reason to click and buy. The Internet enables any large or small business to easily create an online storefront for selling goods, enabling the business to reach a consumer audience well beyond traditional physical and geographic boundaries. Search engine marketing efforts allow these Web sites to establish instant consumer credibility and reach millions of users through some of the largest search engines or portal Web sites. The combination of these factors creates situations in which consumers are dealing with distant businesses and left with fewer concrete mechanisms to differentiate legitimate businesses from those seeking to collect their information for improper gain. Another challenge facing users is the ability for malicious Web site operators to abuse the same search listing services to attract unsuspecting consumers to knockoff Web sites designed to mimic the appearance and function of well-known and trusted businesses.

A technique used by many malicious Web site operators to gather personal information is known as phishing - masquerading online as a legitimate person or business for the purpose of acquiring sensitive information. Such fake Web sites designed to look like the legitimate sites are referred to as spoofed sites. Over the past year, phishing attacks have been reported in record numbers, and identity theft is emerging as a major threat to personal financial security. In the past year, the number of confirmed phishing sites has grown fivefold - from 580 to more than 3,000 (source: Anti-Phishing Working Group, April 2005 report).

Unlike direct attacks where hackers break into a system to obtain account information, a phishing attack does not require technical sophistication but instead relies on users willingly divulging information such as financial account passwords or Social Security numbers. These socially engineered attacks are among the most difficult to defend because they require user education and understanding rather than merely issuing an update for an application. Even experienced professionals can be fooled by the quality and details of some phishing Web sites as hackers become more experienced and learn to react more quickly to avoid detection.

Internet Explorer 7 offers a range of enhancements and solutions to better protect against malicious Web site operators and help prevent users from becoming victims of confusing URLs. The new Security Status Bar, located next to the Address Bar, is designed to help users quickly differentiate authentic Web sites from suspicious or malicious ones. In addition, Internet Explorer provides a simple file cleanup utility.

Certificates also play an essential role for users in validating e-commerce Web sites and helping to thwart phishing scams. Internet Explorer 7's Security Status Bar enhances access to certificate information by placing it more prominently in front of users and providing single-click access to the certificate.

Security Status Bar

Over the past few years, Web browser users have been introduced to the concept of encrypted communications and secure sockets layer (SSL) technologies to better protect their information from being obtained by third parties. Although many users have become quite familiar with SSL and its associated security benefits, a large proportion of Internet users remain overly trusting that any Web site asking for their confidential information must be protected. With the explosion of small- and home-based business Web sites selling goods that span the pricing spectrum, users are even more likely to encounter unknown entities asking for their financial information. The combination of these factors creates a situation ripe for abuse. Internet Explorer 7 addresses this issue by providing users with clear, prominent, color-coded visual cues to the safety and trustworthiness of a Web site. With the assistance of Internet Explorer 7 to help identify legitimate Web sites, users can more confidently browse and shop anywhere on the Internet.

Previous versions of Internet Explorer placed a gold padlock icon in the lower-right corner of the browser window to designate the trust and security level of the connected Web site. Given the importance and inherent trust value associated with the gold padlock, Internet Explorer 7's new Security Status Bar places it more prominently in users' line of sight. Users can now view the certificate information with a single click on the padlock icon. The Security Status Bar also supports information about High Assurance (HA) certificates for those sites meeting guidelines for better entity identity validation. Users can benefit from support for HA certification by having instant visual access to the increased validation of authenticity for a given Web site. To provide users with another visual cue designed to help them recognize questionable Web sites, the padlock now appears on a red background if Internet Explorer 7 detects any irregularities in the site's certificate information. By contrast, trusted Web sites will clearly display the name of the certificate owner and a gold background to indicate that users can provide confidential data.

Microsoft Phishing Filter

Developers of phishing and other malicious activities thrive on lack of communication and limited sharing of information. Using an online service that is updated several times an hour, the new Phishing Filter in Internet Explorer 7 consolidates the latest industry information about fraudulent Web sites and shares it with Internet Explorer 7 customers to proactively warn and help protect them. The filter is designed around the principle that, to be effective, early warning systems must derive information dynamically and update it frequently.

The Phishing Filter combines client-side scans for suspicious Web site characteristics with an opt-in online service. It helps protect users from phishing scams in three ways:

1. It compares the addresses of Web sites a user attempts to visit with a list of reported legitimate sites that is stored on the user's computer.

2. It analyzes sites that users want to visit by checking those sites for characteristics common to phishing sites.

3. It sends the Web site address that a user attempts to visit to an online service run by Microsoft to be checked immediately against a frequently updated list of reported phishing sites.

Internet Explorer 7 uses the Security Status Bar to signal users (in yellow) if a Web site is suspicious.
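
The three checks listed above can be read as a decision pipeline. The sketch below is an added example, not Microsoft's code: the list contents, the heuristics, the order of the checks, the choice to drop the query string before the online lookup, and every function name are assumptions made for illustration, and the online service is a local stub.

```python
import ipaddress
from typing import Callable, List, NamedTuple, Optional
from urllib.parse import urlsplit

# Constructed stand-in for the list of reported legitimate sites kept on the PC.
KNOWN_LEGITIMATE = {"example-bank.test", "shop.example.test"}


class Verdict(NamedTuple):
    status: str          # "ok", "suspicious" (the yellow signal) or "known-phishing"
    flags: List[str]     # which local heuristics fired
    sent_online: bool    # whether the address left the machine


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def heuristic_flags(url: str) -> List[str]:
    """Check 2: characteristics common to phishing addresses (assumed set)."""
    parts, host, flags = urlsplit(url), host_of(url), []
    try:
        ipaddress.ip_address(host)
        flags.append("ip-literal-host")
    except ValueError:
        pass
    if parts.username is not None:            # http://trusted-name@other-host/
        flags.append("userinfo-in-url")
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.append("punycode-label")
    for good in sorted(KNOWN_LEGITIMATE):     # trusted name glued into another domain
        if host != good and not host.endswith("." + good) and good in host:
            flags.append("embeds-known-name:" + good)
    return flags


def check_url(url: str,
              online_lookup: Optional[Callable[[str], bool]] = None) -> Verdict:
    host = host_of(url)
    # Check 1: local list of reported legitimate sites. A hit ends the
    # evaluation, so nothing about this visit is sent anywhere.
    if host in KNOWN_LEGITIMATE:
        return Verdict("ok", [], False)
    # Check 2: local heuristics.
    flags = heuristic_flags(url)
    # Check 3: opt-in online service (None means the user has not opted in).
    if online_lookup is not None:
        parts = urlsplit(url)
        address = f"{parts.scheme}://{host}{parts.path}"   # query string dropped
        if online_lookup(address):
            return Verdict("known-phishing", flags, True)
        return Verdict("suspicious" if flags else "ok", flags, True)
    return Verdict("suspicious" if flags else "ok", flags, False)


def make_stub_service(reported_hosts):
    """Local stand-in for the online service; records every address it receives."""
    seen = []

    def lookup(address: str) -> bool:
        seen.append(address)
        return urlsplit(address).hostname in reported_hosts

    return lookup, seen


if __name__ == "__main__":
    lookup, seen = make_stub_service({"login.example-bank.test.evil.test"})
    for url in ("https://example-bank.test/login",
                "http://example-bank.test@203.0.113.7/login?acct=1",
                "http://login.example-bank.test.evil.test/a?token=abc"):
        print(url, "->", check_url(url, lookup))
    print("addresses sent to the service:", seen)
```

The `seen` list makes the privacy consequence of the ordering visible: addresses on the local legitimate list never reach the service, and the ones that do arrive without their query strings.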

IEBlog

Hi, my name is John Hrvatin and I'm the program manager for Internet Explorer setup. I'd like to share some of the ways setup in IE 7 helps keep you more secure and IE running smoothly.

Prior to installing IE 7, setup runs the Windows Malicious Software Removal Tool to clean your system of known malware and help prevent problems installing IE 7 or running it for the first time. If you keep your computer up-to-date using Windows Update, which hopefully everyone does, you will already have the latest version of the cleaner. In that case, setup will re-run the installed version; otherwise, it will download and run the latest version.

Setup also makes sure you have the latest-and-greatest by downloading and installing any available IE updates. In previous versions of IE, users had to install updates after IE installation and anyone who didn't was out-of-date. In IE 7, setup takes care of the updates so you can get right to using IE 7.

[Feb 17, 2006] Download details Windows® Defender (Beta 2) This is a new, better version of the tool that was known as Microsoft Windows AntiSpyware (Beta). Upgrade is highly recommended...

Windows Defender (Beta 2) is a free program that helps you stay productive by protecting your computer against pop-ups, slow performance and security threats caused by spyware and other potentially unwanted software.

This release includes enhanced features that reflect ongoing input from customers, as well as Microsoft's growing understanding of the spyware landscape.

Specific features of Windows Defender Beta 2 include:

Important Notes

[Feb 10, 2006] Slashdot Microsoft Anti-Spyware Removes Norton Anti-Virus MS Antispyware is one of the best tools. Norton AV (home edition) is very questionable bloatware. So removal is not a big deal. It might even be a "good thing".

Faster way to clean up Norton
(Score:5, Informative)

by TheGSRGuy (901647) on Saturday February 11, @07:07PM (#14696805)

If MS Antispyware wipes out your Norton install, the fastest and easiest way to clean out Norton to prepare for a reinstall is with Symantec's Norton Removal Tool, aka SymNRT. It's available for free from their website and is designed for situations like this where the install gets corrupted and you can't remove it.

The tool removes every trace of Norton from your system. It does a better job than the normal uninstaller.

Re:What problem?
(Score:5, Informative)

by dynamo52 (890601) on Saturday February 11, @06:43PM (#14696701)

Seriously. Considering how good NAV is at sucking up memory and CPU cycles, the only way anyone probably noticed was when their computer suddenly seemed much smoother and more responsive.

I agree. I am a computer services provider for mostly home users and I often find NAV and internet tools to be the single greatest contributor to draining system resources. I usually recommend disabling NAV, using safe internet practices, and scanning weekly or if there appears to be a problem.

Re:What problem?
(Score:3, Interesting)

by AsbestosRush (111196) on Saturday February 11, @07:24PM (#14696891)
(http://slaquer.com/ | Last Journal: Wednesday October 27, @02:05PM)

That is most likely the Corporate version of Symantec AV, which is *far* better than the desktop version that most people usually purchase. The corp version just sits in the tray until something comes along that might need some attention.

Re:What problem?
(Score:5, Informative)

by spectre_240sx (720999) on Saturday February 11, @08:19PM (#14697151)
(http://www.digital-traffic.net/)

Well that's not surprising considering NAV runs at least 14 processes. I think it might be 15 including that glorified advertisement they call Norton Protection Center.

We're still selling it at the shop that I work at. I'm not sure why... We recommend AVG Free for most people, but for business users we sell NAV.

Re:What do you really expect it to do?
(Score:5, Funny)

by slashname3 (739398) on Saturday February 11, @10:22PM (#14697747)

Just because these products must use continuous system resources doesn't mean they need all of them. That would kind of defeat the purpose of having a computer.

But the purpose of having a computer is to run anti virus software, spy ware detectors, and firewalls. Between running those tools and updating the system there is not much time or resources for anything else.

Discussion Link
(Score:5, Informative)

by Mz6 (741941) * on Saturday February 11, @06:36PM (#14696653)
(Last Journal: Friday June 18, @11:45AM)

Here's a link to the actual discussion [microsoft.com]. Looks like this has been corrected with the latest definitions.

But what if
(Score:4, Informative)

by ImaLamer (260199) <john.lamar@gm[ ].com ['ail' in gap]> on Saturday February 11, @06:37PM (#14696660)
(http://mintruth.com/ | Last Journal: Sunday June 05, @05:40PM)

Microsoft knows something we don't?

Norton/Symantec hasn't always been nice (are they now?) - remember when Norton Utilities couldn't be removed on DOS installations? The only option was to totally format the drive and start over. I know people who won't even try Norton/Symantec products after all of those years because of these types of problems.

But it's not really a beta...
(Score:5, Informative)

by vudufixit (581911) on Saturday February 11, @07:35PM (#14696950)

This was a full product called Giant Anti-spyware that MS acquired.
"Beta" is their term.

75% of my private client calls involve removing malware, and the MS product
is a champ at this task.

MS antispyware gives you a summary screen that breaks down each item it found,
assigns it a perceived threat rating, and gives you the choice to "Remove, Ignore, Quarantine."

So, anyone watching with any degree of care should notice that Norton was one of the choices
and simply select the "ignore" option.

Personally, I haven't seen this happen myself.

I agree with many other posters that Norton isn't that great of a product.
I've noticed their firewall suddenly, without provocation, start blocking
all websites.

I've also noticed their antivirus turn itself off for no reason, never
to be turned on again. Reinstalling is often interesting, since even the
least little trace of the product prevents an install/reinstall, but it
almost never uninstalls cleanly.

[Jan 25, 2006] Netscape 8.1 takes aim at spyware Tech News on ZDNet Netscape 8.1 adds protection against online scams such as spyware and phishing.

Netscape 8.1 offers built-in spyware and adware protection that scans files that Web users try to download as well as those that are sent to them without their interaction, according to a representative for Netscape, a division of Time Warner's America Online subsidiary. The updated browser will also let consumers run complete memory and disk scans.

Other security features include an updated blacklist of potential phishing sites and a security center people can access to see if they need to take action on their computer.

Netscape's move to increase security features comes as malicious attackers are increasingly targeting browser flaws, including vulnerabilities found last spring in Netscape's browser.

The latest version of the browser also offers updates designed to enhance its RSS (Really Simple Syndication) support. RSS feeds, for example, can be viewed within the browser rather than requiring a separate viewer.

In addition, a new profile manager is designed to let multiple Web users share the same browser but maintain different bookmarks, passwords and other customizations.

[Jan 12, 2006] Symantec, Kaspersky criticized for cloaking software - Computerworld "rootkit" cloaking techniques found in Symantec Corp. and Kaspersky Lab products

The Windows operating system expert who exposed Sony BMG Music Entertainment's use of "rootkit" cloaking techniques last year is now criticizing security vendors Symantec Corp. and Kaspersky Lab Ltd. for shipping software that works in a similar manner.

Mark Russinovich, chief software architect with systems software company Winternals Software LP, says that the techniques used by Symantec's Norton SystemWorks and Kaspersky's Anti-Virus products are rootkits, a term usually reserved for the techniques used by malicious software to avoid detection on an infected PC. There is "no good justification," for the use of such techniques, Russinovich said. "If the vendor believes that the implementation of their software requires a rootkit then I think they need to go back and re-architect it."

Both Symantec and Kaspersky concede that they have shipped software that hides information from system tools, but they told IDG News Service that they disagreed with Russinovich's use of the term rootkit, saying that because their software was not designed with malicious intent, it should not be lumped into the same category.

Still, both companies appeared sensitive to Russinovich's criticism.

Symantec on Tuesday issued a patch to SystemWorks that disabled the cloaking feature. On Thursday, a representative from Kaspersky said that it was possible that his company could take similar action. "I don't know whether we've got a plan to do that, but that's obviously one thing that we could do here," said David Emm, a senior technology consultant with Kaspersky.

Unlike Sony's XCP (Extended Copy Protection) software, the Symantec and Kaspersky products do not cloak the fact that certain pieces of software are running on the computer. Instead, they hide data

... ... ...

Kaspersky's use of cloaking software is more recent. With version 5 of its Kaspersky Anti-Virus software, first released about a year ago, the company used cloaking techniques to hide "checksum" information that the software used to determine which files on the computer it had or had not scanned.

... ... ...

While Russinovich agreed that the Symantec and Kaspersky cloaking techniques are not as dangerous as Sony's, which was ultimately exploited by virus writers, he said that all three vendors were engaging in a practice that was bad for users and IT professionals. "You don't want IT not knowing what's on the systems," he said. "Not being able to go to the system to do software inventory and disk space inventory, that's just not a good idea."

[Jan 3, 2006] Windows Metafile vulnerability - Wikipedia, the free encyclopedia

A new Windows Metafile (WMF) vulnerability potentially affects most versions of Windows (including 2000 and XP), and could theoretically be exploited to install arbitrary programs on the system by tricking a user into viewing a maliciously formatted Metafile image on computers with shimgvw.dll enabled (see below on how to temporarily disable it until the patch is available).

This is not an automatic self-propagating vulnerability, therefore even on unpatched PCs it potentially affects only naive users (children, senior people), very gullible users or users inclined to visit "grey" or "black" Internet sites or respond to unsolicited e-mail advertising:

Due to those mitigating factors Microsoft Corp. said today that it does not plan to release a fix for the Windows Metafile (WMF) flaw until Jan. 10, when a patch will be included as part of the company's scheduled monthly updates for January.

Microsoft has completed development of a patch for the flaw and is now testing it for quality and application compatibility, the company said in an advisory updating an earlier advisory released last week. The update will be available at Microsoft's Download Center. "Microsoft has been carefully monitoring the attempted exploitation of the WMF vulnerability since it became public last week, through its own forensic capabilities and through partnerships within the industry and law enforcement," the company said in its statement. "Although the issue is serious and malicious attacks are being attempted, Microsoft's intelligence sources indicate that the attacks are not widespread."

This attack targets a flaw in the way Windows handles malicious files in the WMF format. For example, one such attack arrives in an e-mail message titled "happy new year," bearing a malicious file attachment called "HappyNewYear.jpg" that is really a disguised WMF file.

To protect yourself (especially important for home users, who are not protected by a mail gateway and corporate firewall), you can run the following command on the command line (or via the Start -> Run menu):

Windows 2000: regsvr32 -u C:\WinNT\system32\shimgvw.dll

Windows XP: regsvr32 -u C:\Windows\system32\shimgvw.dll

In case this leads to problems with applications (very unlikely) you need to register this DLL again using the command:

Windows 2000: regsvr32 C:\WinNT\system32\shimgvw.dll

Windows XP: regsvr32 C:\Windows\system32\shimgvw.dll

Please note that attacks can come in attachments with any file extension. For example, any graphic extension can be used. One reported attack used JPEG (extension .jpg). Even though the file has an extension classifying it as a JPEG file, Windows recognizes that the content is actually a WMF and attempts to execute the code it contains.
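
Because the extension says nothing about the content, a mail gateway or triage script has to look at the leading bytes of each attachment. The following is an added example (not code from Microsoft or from any filtering product): it flags attachments whose content starts with a WMF header while the name claims another type. The function names, verdict strings and the sample message are constructed for illustration, and the embedded WMF is a harmless header plus end-of-file record.

```python
import struct
from email import message_from_bytes
from email.message import EmailMessage

# Leading bytes of the formats an image attachment usually claims to be.
IMAGE_MAGIC = [
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"BM", "bmp"),
]
EXT_TO_TYPE = {"jpg": "jpeg", "jpeg": "jpeg", "jpe": "jpeg",
               "png": "png", "gif": "gif", "bmp": "bmp", "wmf": "wmf"}
PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"   # placeable-metafile key 0x9AC6CDD7, little-endian

# Constructed, harmless samples: an 18-byte WMF header followed by a single
# end-of-file record, and the first bytes of a JFIF file.
SAMPLE_WMF = (struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0)
              + struct.pack("<IH", 3, 0))
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(16)


def has_wmf_header(data):
    """True if data starts with a standard WMF header: type 1 or 2,
    header size 9 words, version 0x0100 or 0x0300, last field zero."""
    if len(data) < 18:
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", data, 0)
    (num_members,) = struct.unpack_from("<H", data, 16)
    return (ftype in (1, 2) and header_words == 9
            and version in (0x0100, 0x0300) and num_members == 0)


def sniff(data):
    """Identify content by its leading bytes, ignoring the file name."""
    if data.startswith(PLACEABLE_KEY) or has_wmf_header(data):
        return "wmf"
    for magic, kind in IMAGE_MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def classify(filename, data):
    """Compare what the name claims with what the bytes are."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    claimed = EXT_TO_TYPE.get(ext, "unknown")
    actual = sniff(data)
    if actual == "wmf" and claimed != "wmf":
        return "disguised-wmf"      # e.g. WMF bytes behind a .jpg name
    if actual == "wmf":
        return "wmf"                # honest WMF; policy decides until patched
    return "ok"


def scan_message(raw):
    """Return (filename, verdict) for every named attachment in a raw e-mail."""
    findings = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if name:
            payload = part.get_payload(decode=True) or b""
            findings.append((name, classify(name, payload)))
    return findings


def build_sample_message():
    """Constructed message shaped like the one described in the text."""
    msg = EmailMessage()
    msg["Subject"] = "happy new year"
    msg.set_content("constructed sample body")
    msg.add_attachment(SAMPLE_WMF, maintype="image", subtype="jpeg",
                       filename="HappyNewYear.jpg")
    msg.add_attachment(SAMPLE_JPEG, maintype="image", subtype="jpeg",
                       filename="photo.jpg")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample_message()):
        print(f"{name}: {verdict}")
```

The declared MIME type is ignored on purpose: in the sample both attachments are labelled image/jpeg, and only the byte-level check tells them apart.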

Microsoft stresses that to exploit a WMF vulnerability by e-mail, "customers would have to be persuaded to click on a link within a malicious e-mail or open an attachment that exploited the vulnerability."

We hope that there will be few such BASF users in view of recent training that everybody got with spam and fake financial letters.

Still, please be careful, as in this case following links is as dangerous as clicking on the attachment. For example, even if you just attempt to visit a file site using an Internet browser, viewing the list of folders can trigger its payload, as the attacker can maliciously place infected icons there and they will be "executed" when you open the link.

The usual payload associated with this exploit is spyware. The file with a working exploit that supposedly was already in the wild today was called "HappyNewYear.jpg". It attempts to download the Bifrose back door, researchers said.

General Recommendations

Before the patch is applied to all systems, please be especially vigilant with e-mails that contain attachments or that try to persuade you to follow some HTML link:

Recommended Links

Microsoft Security Advisory (912840) Published: December 28, 2005 | Updated: January 3, 2006

On Tuesday, December 27, 2005, Microsoft became aware of public reports of malicious attacks on some customers involving a previously unknown security vulnerability in the Windows Meta File (WMF) code area in the Windows platform.

Upon learning of the attacks, Microsoft mobilized under its Software Security Incident Response Process (SSIRP) to analyze the attack, assess its scope, define an engineering plan, and determine the appropriate guidance for customers, as well as to engage with anti-virus partners and law enforcement.

Microsoft confirmed the technical details of the attack on December 28, 2005 and immediately began developing a security update for the WMF vulnerability on an expedited track.

Microsoft has completed development of the security update for the vulnerability. The security update is now being localized and tested to ensure quality and application compatibility. Microsoft's goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins. This release is predicated on successful completion of quality testing.

The update will be released worldwide simultaneously in 23 languages for all affected versions of Windows once it passes a series of rigorous testing procedures. It will be available on Microsoft's Download Center, as well as through Microsoft Update and Windows Update. Customers who use Windows' Automatic Updates feature will be delivered the fix automatically.

Based on strong customer feedback, all Microsoft's security updates must pass a series of quality tests, including testing by third parties, to assure customers that they can be deployed effectively in all languages and for all versions of the Windows platform with minimum down time.

Microsoft has been carefully monitoring the attempted exploitation of the WMF vulnerability since it became public last week, through its own forensic capabilities and through partnerships within the industry and law enforcement. Although the issue is serious and malicious attacks are being attempted, Microsoft's intelligence sources indicate that the scope of the attacks is not widespread.


FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of environmental, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit exclusively for research and educational purposes. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.

ABUSE: IPs or network segments from which we detect a stream of probes might be blocked for no less than 90 days. Multiple types of probes increase this period.


The Last but not Least


Copyright © 1996-2016 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author's free time. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License.

The site uses AdSense, so you need to be aware of the Google privacy policy. If you do not want to be tracked by Google, please disable Javascript for this site. This site is perfectly usable without Javascript.

Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contains some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting development of this site and speed up access. In case softpanorama.org is down you can use the at softpanorama.info

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author's present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: September, 19, 2017