WMF expolit now at MSN Messenger's door - Printable Version
-Shoutbox (https://shoutbox.menthix.net)
+-- Forum: MsgHelp Archive (/forumdisplay.php?fid=58)
+--- Forum: Skype & Technology (/forumdisplay.php?fid=9)
+---- Forum: Skype & Live Messenger (/forumdisplay.php?fid=10)
+----- Thread: WMF expolit now at MSN Messenger's door (/showthread.php?tid=54529)
WMF expolit now at MSN Messenger's door by absorbation on 01-02-2006 at 11:19 PM
quote:
You may of heard of one of the biggest security flaw ever found in Windows known as the WMF exploit has now reached our world of MSN Messenger says Kaspersky Labs, using Christmas as a con via sending a link called xmas-2006 FUNNY.jpg". across multiple websites.
This is important around now many of these will be popping up, be very careful of what you view and make sure you can trust links and downloads your contacts may send you
The wmf file embedded into the .jpg as an html file which will download and execute a .vbs file, which in turn will become an Sdbot. The IRC bot is known as Backdoor.Win32.SdBot.gen by KAV and as reported earlier this week the latest MSN Messenger virus known as Kelveir is responsible but as a new clever variant and we may expect a string of these to come. The believed perpetrators are thought-out to be CyberCrimals in the UK.
I just wrote up this for my site as i think it is extemtly important thus should be made sticky i honestly would fall for this.
RE: WMF expolit now at MSN Messenger's door by ShawnZ on 01-02-2006 at 11:22 PM
Errrrrrrrrrrrrrrrrrr, how is this news, it is just a different place to send the link to people....
News would be if somehow they exploited it by sending it as a custom emoticon or something.
RE: WMF expolit now at MSN Messenger's door by absorbation on 01-02-2006 at 11:23 PM
quote:
Originally posted by ShawnZ
Errrrrrrrrrrrrrrrrrr, how is this news, it is just a different place to send the link to people....
News would be if somehow they exploited it by sending it as a custom emoticon or something.
i would click any .jpg link
and most virus threads are sticky anyway and the WMF flaw is huge + this is the second varient of a new virus released last week
RE: WMF expolit now at MSN Messenger's door by ddunk on 01-02-2006 at 11:41 PM
quote:
Originally posted by vaiper
thats y u dont open any emails from no one u dont no
this isn't an email, it's a link posted through MSN messenger.
RE: WMF expolit now at MSN Messenger's door by vaiper on 01-02-2006 at 11:45 PM
oh ok then i dont get many links sent to and open ones form my freinds nd not some randomz
RE: WMF expolit now at MSN Messenger's door by absorbation on 01-02-2006 at 11:48 PM
I suggest everyone install the windows patch to fix this huge flaw, said to be window's biggest sercuity bug of the last few years.
Would you view any jpg file saying x-mas it in , i sure would fall for it and the whole thing is not detected by anti virus software.
RE: WMF expolit now at MSN Messenger's door by Lou on 01-03-2006 at 01:14 AM
quote:its not from random people. read before posting uselessness.
Originally posted by vaiper
oh ok then i dont get many links sent to and open ones form my freinds nd not some randomz
--
quote:where is this windows fix?
Originally posted by Absorbation
I suggest everyone install the windows patch to fix this huge flaw, said to be window's biggest sercuity bug of the last few years.
Would you view any jpg file saying x-mas it in , i sure would fall for it and the whole thing is not detected by anti virus software.
RE: WMF expolit now at MSN Messenger's door by Hank on 01-03-2006 at 01:16 AM
have a look in Neowin.net , the fix may have been posted there
quote:
Originally posted by Neowin
SANS and many other security sites recommend un-registering Shimgvw.dll (Microsoft picture and fax viewer) and using the unofficial patch to protect aginst the virus, until Microsoft can release an official patch. A virus scanner isn't enough to protect against some of the more advanced variants of the exploit.
http://www.neowin.net/index.php?act=view&id=31931
how to unregister the .dll
Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.
A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
RE: WMF expolit now at MSN Messenger's door by absorbation on 01-03-2006 at 09:20 PM
Hum anyone seen the virus in action yet?
RE: WMF expolit now at MSN Messenger's door by Lou on 01-03-2006 at 09:27 PM
quote:know how I can register the dll again? nothing is working
Originally posted by Animal
how to unregister the .dll
Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.
RE: WMF expolit now at MSN Messenger's door by hmaster on 01-03-2006 at 09:29 PM
WMF Patch
Has some info and a mirror for patch ^
RE: WMF expolit now at MSN Messenger's door by Lou on 01-03-2006 at 09:30 PM
quote:I don't want to patch it, I want to register the dll again. So it's sort of a manual unpatch
Originally posted by hmaster
WMF Patch
Has some info and a mirror for patch ^
RE: WMF expolit now at MSN Messenger's door by hmaster on 01-03-2006 at 09:34 PM
Lol I was just pointing out the article not sure how to unpatch it 
RE: WMF expolit now at MSN Messenger's door by ddunk on 01-03-2006 at 10:25 PM
louhabs: get rid of the -u switch to register it again.
RE: WMF expolit now at MSN Messenger's door by Lou on 01-03-2006 at 10:28 PM
quote:thank you.
Originally posted by Ddunk
regsvr32 -u %windir%\system32\shimgvw.dll
RE: WMF expolit now at MSN Messenger's door by Menthix on 01-05-2006 at 10:31 PM
Microsoft just released thier official patch to fix the WMF exploit. Read all about it and download on Microsoft Security Bulletin MS06-001.
Or just download it from Windows Update, it's on there too.