A Very Dangerous Worm in Windows Metafile Images (WMF)

It was suspended because it was too popular! You can still get the patches from here:


Daniel Lang

Reply to
Daniel Lang

Who knows what evil lurks in the hearts of men? I pointed out that gnome's nautilus file browser whines about these files, so it may actually be possible for them to do some damage. The warning claims they can damage your computer... However, I don't know the details. It would be nice to trust linux, but you never know what is going to turn up. Be careful out there...

Lots of reasons. Maybe they don't know any better. Maybe they like the ability to whack any file they want without using sudo. Maybe it makes them feel powerful and potent, and they lack that in their dull, pointless, sedentary lives.

--
Regards,
  Bob Monsen

"we can allow satellites, planets, suns, universe, nay whole systems
of universe[s,] to be governed by laws, but the smallest insect, we
wish to be created at once by special act"
 -- Charles Darwin
Reply to
Bob Monsen

Unfortunately, some win programs can't execute as anything but administrator. I've tried to set the user accounts on my kids' windows machine to something other than administrator, but 1 out of 3 programs they use on a daily basis seem to fail. Sadly, it appears that application writers assume they can have their evil way with c:\windows.

Regarding linux, you sure that the code is not some pseudocode? I know these files can do things like access the internet.... perhaps they can select which bits of nasty goo they download. If so, it might be possible to have them determine the OS first. Sure was nice when you didn't need armor plating on your computer.

should clue

That is what Apple did (more or less) for OSX. By all accounts, it is great to use. Sadly, they still are too stupid to a) figure out that their stuff is better than windows, b) port it to intel, and c) price it in a predatory way to eat Windows' market share. They are afraid of retribution from the Word/Excel team, I'm guessing. I can't think of any other reason why they wouldn't do this.

Slacker. I like Fedora Core 4, which appears to work, and has pretty much everything you want available.

Wine keeps me going most of the time (hiccup!). Unfortunately, it doesn't like graphics intensive games or the flying model simulator, so I have to boot into windows for my fix of flying and pseudo-death. Also, sadly, the Zilog C compiler doesn't run under wine. MPASM also fails, but I've got linux tools for both dsPIC and the midrange series.

--
Regards,
  Bob Monsen

"we can allow satellites, planets, suns, universe, nay whole systems
of universe[s,] to be governed by laws, but the smallest insect, we
wish to be created at once by special act"
 -- Charles Darwin
Reply to
Bob Monsen

Account for domain hexblog.com has been suspended

Google has very little info on hexblog

WTF??

--

    Boris Mohar
Reply to
Boris Mohar

Anyone stupid enough to run Linux as root might just as well be a Windo$e user.

LOL

Ian

Reply to
Ian Bell

I dunno, while XP home machines are used that way by default, most W2000 and XP-pro machines are not, yet they're vulnerable too. Perhaps that's because all execute the WMF code. BTW, over-writing of system files isn't required to get infected.

--
 Thanks,
    - Win
Reply to
Winfield Hill

On 2 Jan 2006 15:15:57 -0800, Winfield Hill wrote: [snippage]

I installed TightVNC (remote control) on my parents' computer. Periodically, I ask them to start up the VNC server on their machine and I update various things, like this WMF issue, or help them out with program usage remotely. I had to punch a hole in their firewall for this to work.


--
Mark
Reply to
qrk

As majority owner and head of technology development, he could say

  1. Make it simple, make it right, ship it when it's correct

or

  1. Load it with features, rush it to market, let the idiot customers find the bugs, and charge them for the fixes. And talk about "innovation" and "trusted computing" as much as possible.

Microsoft is, and always has been, full of successful thieves and rotten programmers.

John

Reply to
John Larkin

Yes they have already. The new Macs coming out this year will use Intel CPUs. PCs running OS X have already been demonstrated as a result of some guys tweaking Apple's code to bypass a 'dongle like' requirement from the motherboard.

Graham

Reply to
Pooh Bear

Are you suggesting that they are either ethical businesspeople or good programmers? There's little evidence for either viewpoint.

John

Reply to
John Larkin

As in any large organization, those who do well at their jobs get promoted, and eventually tend to get a job at which they are not competent. (after Peter, 1969).

Therefore, many managers at MS used to be good programmers.

Reply to
Richard Henry


John

Reply to
John Larkin

He still deserves to carry the can though.

Graham

Reply to
Pooh Bear

Thieves > businessmen. That seems to fix it.

Graham

Reply to
Pooh Bear

The experts at Norton finally panicked, and raised their ThreatCon to Level 3. "The ThreatCon has been raised to Level 3 in response to issues related to the recently discovered Windows WMF vulnerability, including publicly available exploits, malcode propagating using the issue, and the lack of an official patch until January 10." Norton says Microsoft's temporary solution doesn't work and they direct you to NIST, who says you should install Ilfak Guilfanov's patch, and that they have done so in all their computers.

Most of us will probably avoid an infection, but as for an Internet meltdown, yes, this will mean many thousands of new computers added to the existing hordes of machines that are just waiting and can be silently commanded by criminal gangs to carry out their bidding at any point. If any of the computer owners had played a Sony music CD, then their computers can be infected via the rootkit Sony installed, so the infection cannot be detected by malware or antivirus programs. Properly done, such computers can be owned at any time by criminals, terrorists, or whoever pays enough for the privilege, without your advance knowledge. It's certainly one more giant step to a meltdown.

--
 Thanks,
    - Win
Reply to
Winfield Hill

Only of the Windows boxes!

John

Reply to
John Larkin

One of Bill's declared tenets of "trusted computing" was "safe by default." Why does Windows default to executing .jpg files as wmf's?

Irfanview checks and warns me if the extension doesn't match the header; Windows doesn't. Windows doesn't even allow me to turn on such checking.

200 million lines of crap.

John

Reply to
John Larkin
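
The extension-versus-header check described in the post above, as an added example that is not part of the original thread: it flags a file whose name claims one image format while its first bytes belong to another, including the two WMF header forms and EMF. The function names and the sample byte strings are constructed for illustration.

```python
import os
import struct

# Leading-byte signatures for the raster formats named in the thread.
RASTER_MAGIC = [(b"\xff\xd8\xff", "jpeg"), (b"\x89PNG\r\n\x1a\n", "png"),
                (b"GIF87a", "gif"), (b"GIF89a", "gif"), (b"BM", "bmp")]
EXT_TO_TYPE = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png",
               ".gif": "gif", ".bmp": "bmp", ".wmf": "wmf", ".emf": "emf"}

# Constructed sample headers (hypothetical names, not from any real file).
SAMPLES = {
    "holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "card.jpg": b"\x01\x00\x09\x00\x00\x03" + b"\x00" * 12,  # standard WMF
    "logo.gif": b"\xd7\xcd\xc6\x9a" + b"\x00" * 18,          # placeable WMF
    "chart.wmf": b"\xd7\xcd\xc6\x9a" + b"\x00" * 18,
}


def sniff(header: bytes) -> str:
    """Return the format implied by the first bytes of a file."""
    # Placeable (Aldus) WMF: 32-bit key 0x9AC6CDD7 stored little-endian.
    if header[:4] == b"\xd7\xcd\xc6\x9a":
        return "wmf"
    # Standard WMF: type 1 or 2, header size 9 words, version 0x0100/0x0300.
    if len(header) >= 6:
        ftype, hsize, version = struct.unpack("<HHH", header[:6])
        if ftype in (1, 2) and hsize == 9 and version in (0x0100, 0x0300):
            return "wmf"
    # EMF: first record type is 1 and the " EMF" signature sits at offset 40.
    if header[:4] == b"\x01\x00\x00\x00" and header[40:44] == b" EMF":
        return "emf"
    for magic, name in RASTER_MAGIC:
        if header.startswith(magic):
            return name
    return "unknown"


def check(filename: str, header: bytes):
    """Return a warning if extension and header disagree, else None."""
    claimed = EXT_TO_TYPE.get(os.path.splitext(filename)[1].lower())
    actual = sniff(header)
    if claimed is None or actual == claimed:
        return None
    return f"{filename}: extension says {claimed}, header says {actual}"


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(check(name, data) or f"{name}: ok")
```

To scan real files, pass `check` the file name and the first 64 bytes read from the file in binary mode.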

:-) Actually, I was thinking of the Internet.

For example, having under one's control tens of thousands of fast computers spread throughout the world that one can suddenly activate, each with a high-speed internet connection, enables one to, say, apply powerful DoS attacks, etc. E.g., company A could secretly pay big bucks to get company B's websites crippled for a critical few days, etc. A political party could pay for "dirty tricks" against a rival. Stock values could be manipulated...

The possibilities are disturbing to contemplate.

--
 Thanks,
    - Win
Reply to
Winfield Hill

And here


Regards,

Boris Mohar

Got Knock? - see: Viatrack Printed Circuit Designs (among other things)


void _-void-_ in the obvious place

Reply to
Boris Mohar

I think Windows XP opens JPG files in Windows Picture and Fax Viewer. The usefulness of that cannot be overemphasized IMO since all you have to do is right arrow or left arrow through the entire number of still pictures in any folder. The old way of switching back to the folder to open the next file was for the birds. With the press of an arrow key, the viewer continues with the next picture file, JPG GIF BMP whatever.

I think Windows XP does. Or you might at least get a warning that you're about to run a program. You do for files with a proper EXE extension, so I cannot imagine otherwise.

Yes, but Windows XP is a much more stable and roomy landfill for your applications to live on.

Have fun you all.

Reply to
John Doe
