The issue is only partly to do with the WMF exploit, and shimgvw.dll actually executing anything it gets, even if that instruction involves downloading a rogue file from somewhere and then executing the thing. I am sure the first mention of this issue in the security forums does not match the first discovery of the exploit. It was only noticed because the (payload) was a virus that happened to be picked up by f-prot and not Nav. From there, it became obvious that any payload can be delivered and executed on the user's puter with the user priv. This has likely been so in the last 2 years or so. Nobody in Ms cared to check the code, and if they did, they sure did not care to fix it or mention it. This issue has been publicly known for 2 weeks now, there is no patch yet. There are a few workarounds, involving unregistering the faulty dll and disabling it somehow. Now, if the ultimate solution will be to (pop up) a window asking the user whether to execute the newly obtained malware or not, then I will say, Ms needs to do better than that. An interesting example: You can not throw 700 yes-no popups at the user, and hope the user would just sit there and refuse all of them....
Someone I know came begging me to rid his puter from this windows thing, the main reason: Too many popups that completely prevent him from using his computer, too many malware slowing down the puter, it took 15 minutes to boot the thing up, it had to send those important reports when booted, and by the time all 76 of them malware finished initializing 15 minutes have gone. Well no more, he is using a Mandriva 2006, and boots up in 30 seconds and does not crash. And there are no popups to annoy him. Problem solved.

Cheers
Szemir

On January 3, 2006 09:39, Barnaby Jeans wrote:
> Graham,
>
> Thanks for bringing this up.
>
> If anyone is looking for more reading on this, you may want to look at:
>
> http://blogs.technet.com/jesper_johansson/archive/2006/01/02/416762.aspx
>
> or
>
> http://scobleizer.wordpress.com/2006/01/02/jesper-has-more-on-wmf-exploit/
>
> Thanks,
>
> Barnaby

