[Vision2020] another serious Windows security flaw
Mark Solomon
msolomon at moscow.com
Fri Dec 30 07:36:23 PST 2005
typing happily away on my Mac,
Mark Solomon
********
Windows Security Flaw Is 'Severe'
PCs Vulnerable to Spyware, Viruses
By Brian Krebs
Special to The Washington Post
Friday, December 30, 2005; D01
A previously unknown flaw in Microsoft Corp.'s
Windows operating system is leaving computer
users vulnerable to spyware, viruses and other
programs that could overtake their machines and
has sent the company scrambling to come up with a
fix.
Microsoft said in a statement yesterday that it
is investigating the vulnerability and plans to
issue a software patch to fix the problem. The
company could not say how soon that patch would
be available.
Mike Reavey, operations manager for Microsoft's
Security Response Center, called the flaw "a very
serious issue."
Security researchers revealed the flaw on Tuesday
and posted instructions online that showed how
would-be attackers could exploit the flaw. Within
hours, computer virus and spyware authors were
using the flaw to distribute malicious programs
that could allow them to take over and remotely
control afflicted computers.
Unlike with previously revealed vulnerabilities,
computers can be infected simply by visiting one
of the Web sites or viewing an infected image in
an e-mail through the preview pane in older
versions of Microsoft Outlook, even if users did
not click on anything or open any files.
Operating system versions ranging from the
current Windows XP to Windows 98 are affected.
An estimated 90 percent of personal computers run
on Microsoft Windows operating systems. Microsoft
has found itself under attack on several
instances and has been forced to issue a number
of patches to keep computers running Windows
safe. Mac and Linux computer users are not at
risk with this attack, even if their computers
run Microsoft programs such as Office or the
Internet Explorer Web browser.
Reavey encouraged users to update their
anti-virus software, ensure all Windows security
patches are installed, avoid visiting unfamiliar
Web sites, and refrain from clicking on links
that arrive via e-mail or instant message.
"The problem with this attack is that it is so
hard to defend against for the average user,"
said Johannes Ullrich, chief research officer for
the SANS Internet Storm Center in Bethesda.
At first, the vulnerability was exploited by just
a few dozen Web sites. Programming code embedded
in these pages would install a program that
warned victims their machines were infested with
spyware, then prompted them to pay $40 to remove
the supposed pests.
Since then, however, hundreds of sites have begun
using the flaw to install a broad range of
malicious software. SANS has received several
reports of attackers blasting out spam e-mails
containing links that lead to malicious sites
exploiting the new flaw, Ullrich said.
Dean Turner, a senior manager at anti-virus firm
Symantec Corp. of Cupertino, Calif., said the
company has seen the vulnerability exploited to
install software that intercepts personal and
financial information when users of infected
computers enter the data at certain banking or
e-commerce sites.
Eric Sites, vice president of research and
development for anti-spyware firm Sunbelt
Software, said he has spotted spyware being
downloaded to a user's machine by online banner
advertisements.
"Pretty much all of the spyware guys who normally
use other techniques for pushing this stuff down
to your machine are now picking this exploit up,"
Sites said.
Because the vulnerability exists within a faulty
Windows component, security experts warn that
Windows users who eschew Internet Explorer in
favor of alternative Web browsers, such as older
versions of Firefox and Opera, can still get
their PCs infected if they agree to download a
file from a site taking advantage of the flaw.
Richard M. Smith, a Boston security and privacy
consultant, said he was particularly worried that
the vulnerability could soon be used to power a
fast-spreading e-mail worm.
"We could see the mother of all worms here,"
Smith said. "My big fear is we're going to wake
up in the next week or two and have people
warning users not to read their e-mail because
something is going around that's extremely
virulent."
Brian Krebs is a washingtonpost.com reporter.
© 2005 The Washington Post Company