There's trouble brewing out there in in Bill's Kingdom tonight.... a vulnerability in all Windows computers has been widely exposed, potentially spawning a virus that spreads passively via images, doing untold damage....
According to a report Tuesday in the Financial Times, the latest vulnerability involves a flaw which allows hackers to infect computers using programs inserted into image files. The threat was discovered last week. But it mushroomed over the weekend, when a group of hackers published the source code they used to exploit the flaw.
What makes this threat particularly vicious, according to the Times, is that unwitting victims can infect their computers simply by viewing a web page, e-mail, or instant message that includes a contaminated image. That differs from most virus attacks, which require a user to actually download an infected file.
http://news.ft.com/cms/s/0d644d5e-7b...0779e2340.html
There is a patch out that claim to fix it. Problem is that it doesn't come from Microsoft itself and most corporate admins wouldn't install something that didn't come from Redmond themselves.
For Joe home user, you might want to take extra precautions in following links received in e-mails or surfing "risky" sites (cough...pr0n).
Disabling message preview in your e-mail client might help. I do believe not logging into your PC with an Admin account would help too... but since no seriously malicious virus has used this exploit, it's tough to say what exactly will stop what.
I give this exploit 2-3 week before some misfit 14 yr old gets mad at the world and turns something loose.
For more info, do a Google, search on "WMF Virus". Tons of media on this. I found this Slashdot article to be quite good:
http://it.slashdot.org/article.pl?si...id=201&tid=218
I have no idea as to the accuracy of this guy's comments but they certainly did help me understand some of the genesis of this flaw and just how hard it is to fix...
http://it.slashdot.org/comments.pl?s...6&cid=14378616