Windows Security Flaw Is 'Severe'
PCs Vulnerable to Spyware, Viruses
By Brian Krebs
Special to The Washington Post
Friday, December 30, 2005; Page D01

A previously unknown flaw in Microsoft Corp.'s Windows operating system is
leaving computer users vulnerable to spyware, viruses and other programs
that could overtake their machines and has sent the company scrambling to
come up with a fix.

Microsoft said in a statement yesterday that it is investigating the
vulnerability and plans to issue a software patch to fix the problem. The
company could not say how soon that patch would be available.
Mike Reavey, operations manager for Microsoft's Security Response Center,
called the flaw "a very serious issue."

Security researchers revealed the flaw on Tuesday and posted instructions
online that showed how would-be attackers could exploit the flaw. Within
hours, computer virus and spyware authors were using the flaw to distribute
malicious programs that could allow them to take over and remotely control
afflicted computers.

Unlike with previously revealed vulnerabilities, computers can be infected
simply by visiting one of the Web sites or viewing an infected image in an
e-mail through the preview pane in older versions of Microsoft Outlook, even
if users did not click on anything or open any files. Operating system
versions ranging from the current Windows XP to Windows 98 are affected.

An estimated 90 percent of personal computers run on Microsoft Windows
operating systems. Microsoft has found itself under attack on several
instances and has been forced to issue a number of patches to keep computers
running Windows safe. Mac and Linux computer users are not at risk with this
attack, even if their computers run Microsoft programs such as Office or the
Internet Explorer Web browser.

Reavey encouraged users to update their anti-virus software, ensure all
Windows security patches are installed, avoid visiting unfamiliar Web sites,
and refrain from clicking on links that arrive via e-mail or instant

"The problem with this attack is that it is so hard to defend against for
the average user," said Johannes Ullrich, chief research officer for the
SANS Internet Storm Center in Bethesda.

At first, the vulnerability was exploited by just a few dozen Web sites.
Programming code embedded in these pages would install a program that warned
victims their machines were infested with spyware, then prompted them to pay
$40 to remove the supposed pests.

Since then, however, hundreds of sites have begun using the flaw to install
a broad range of malicious software. SANS has received several reports of
attackers blasting out spam e-mails containing links that lead to malicious
sites exploiting the new flaw, Ullrich said.

Dean Turner, a senior manager at anti-virus firm Symantec Corp. of
Cupertino, Calif., said the company has seen the vulnerability exploited to
install software that intercepts personal and financial information when
users of infected computers enter the data at certain banking or e-commerce

Eric Sites, vice president of research and development for anti-spyware firm
Sunbelt Software, said he has spotted spyware being downloaded to a user's
machine by online banner advertisements.

"Pretty much all of the spyware guys who normally use other techniques for
pushing this stuff down to your machine are now picking this exploit up,"
Sites said.

Because the vulnerability exists within a faulty Windows component, security
experts warn that Windows users who eschew Internet Explorer in favor of
alternative Web browsers, such as older versions of Firefox and Opera, can
still get their PCs infected if they agree to download a file from a site
taking advantage of the flaw.

Richard M. Smith, a Boston security and privacy consultant, said he was
particularly worried that the vulnerability could soon be used to power a
fast-spreading e-mail worm.

"We could see the mother of all worms here," Smith said. "My big fear is
we're going to wake up in the next week or two and have people warning users
not to read their e-mail because something is going around that's extremely

Brian Krebs is a reporter.

You are a subscribed member of the infowarrior list. Visit for list information or to unsubscribe. This message 
may be redistributed freely in its entirety. Any and all copyrights 
appearing in list messages are maintained by their respective owners.

Reply via email to