Mutating Windows exploit puts antivirus firms on high alert
Posted on 3 Jan 2006 at 11:15
The security community has set alarm bells ringing after a new vulnerability in Windows was uncovered. The flaw could be exploited using a specially crafted Windows Metafile (.wmf) file to gain full control of the target computer.
A Windows Metafile (WMF) image is a 16-bit metafile format that can contain both vector information and bitmap information. The problem affects Windows 98, ME, Windows 2000, Server 2003 and Windows XP.
Antivirus producers are particularly concerned because the virus creates a slightly different version of itself each time it replicates. Each iteration is of random size, can use non-wmf file formats and employs other tricks to look like something different.
Traditionally, antivirus software works by matching a particular 'signature' of a suspect file against a database of known malware. By mutating, the new virus makes that matching much harder. According to the SANS Internet Storm Center, 'it will likely be difficult to develop very effective signatures (to identify the mutating virus) due to the structure of the WMF files'.
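As an added illustration (not part of the original article), the Python sketch below contrasts an exact-hash signature with identifying a file as WMF from its header, for variants of random size and with non-.wmf names as described above. It only recognises the file type and does not detect the exploit itself; the function names and sample files are constructed for the example.

```python
import hashlib
import struct

PLACEABLE_KEY = 0x9AC6CDD7               # optional 22-byte "placeable" pre-header
META_HEADER = struct.Struct("<HHHIHIH")  # 18-byte standard WMF header


def looks_like_wmf(data: bytes) -> bool:
    """Identify WMF content from its header, ignoring file name and length."""
    offset = 0
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        offset = 22                      # skip the placeable pre-header
    if len(data) < offset + META_HEADER.size:
        return False
    ftype, header_words, version, *_ = META_HEADER.unpack_from(data, offset)
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)


def hash_signature_hit(data: bytes, known_hashes: set) -> bool:
    """Classic exact-match signature: whole-file hash lookup."""
    return hashlib.sha256(data).hexdigest() in known_hashes


def build_sample(padding_len: int) -> bytes:
    """Constructed, harmless sample: valid header, EOF record, filler bytes."""
    header = META_HEADER.pack(1, 9, 0x0300, 12, 0, 3, 0)
    eof_record = struct.pack("<IH", 3, 0x0000)   # META_EOF, 3 words long
    return header + eof_record + b"\x00" * padding_len


def scan(files: dict, known_hashes: set) -> dict:
    """Return {name: (hash_hit, is_wmf_by_content)} for each file."""
    return {name: (hash_signature_hit(d, known_hashes), looks_like_wmf(d))
            for name, d in files.items()}


# Constructed inputs: the original sample, a resized copy under another
# extension, and an unrelated text file.
SAMPLES = {
    "picture.wmf": build_sample(0),
    "holiday.jpg": build_sample(37),
    "notes.txt": b"plain text, not a metafile",
}
KNOWN = {hashlib.sha256(SAMPLES["picture.wmf"]).hexdigest()}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES, KNOWN).items():
        print(name, verdict)
```

The resized copy named holiday.jpg misses the hash signature but is still recognised as WMF content, which is why filtering on content rather than on name or exact bytes is the more robust control.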
Of even more concern from Microsoft's point of view is that the exploit, along with source code, has been developed and made available on the Internet via the so-called full disclosure community. Most security investigators first make their findings available to the affected vendor, to allow it time to fix the problem, before publishing details on the Internet, where they can be picked up and used by hackers. Microsoft says it is investigating the exploit and has found that the vulnerability can only be exploited if an intended victim is persuaded to visit a website or open an email and click on a link.
According to Luis Corrons at Panda Software, 'This is one of the most serious vulnerabilities recently detected. Simply visiting a web page with a file created to exploit this security problem could see a computer infected by any type of malicious code'.
Microsoft says it is working on a fix, although at the time of writing no patch was available from the company. SANS offers an unofficial patch, but with the burden of risk falling on the user.
Author: Steve Malone
Printed from www.pcpro.co.uk

