'Huge' virus threat for Windows PCs

Pretty scary stuff:

Computer security experts were grappling with the threat of a newweakness in Microsoft’s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses.

The news marks the latest security setback for Microsoft, the world’s biggest software company, whose Windows operating system is a favourite target for hackers.

“The potential [security threat] is huge” said Mikko HyppÃ¶nen, chief research officer at F-Secure, an antivirus company. “It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now.”

The flaw, which allows hackers to infect computers using programs maliciously inserted into seemingly innocuous image files, was first discovered last week. But the potential for damaging attacks increased dramatically at the weekend after a group of computer hackers published the source code they used to exploit it. Unlike most attacks, which require victims to download or execute a suspect file, the new vulnerability makes it possible for users to infect their computers with spyware or a virus simply by viewing a web page, e-mail or instant message that contains a contaminated image.

Hope they get that patch ready soon.

Bachbone says:

January 2, 2006 at 8:42 pm

Linux is looking better and better to me.

benning says:

January 2, 2006 at 8:46 pm

Linux would be fine if it was accessible to the average computer user. It isn’t.

The hackers need to be hunted down and imprisoned. Enough is enough. These are not terribly clever youngsters giving “The Man” a hard time. They are criminals hurting a lot of people.

David Foster says:

January 2, 2006 at 9:56 pm

Very scary stuff. There are too many applications that *have* to run for this kind of thing to be taken lightly.

People who are designing life-critical applications, like electronic medical records systems, need to consider their security environment–including the operating system choice–very seriously.

Criminal sanctions for malicious hacking need to be beefed up; and this includes appropriate extradition treaties with other countries.

CZ says:

January 2, 2006 at 10:31 pm

I love my two Apple computers very much, thank you.

Still cannot believe that have Algore on their board of directors.

Slobokan says:

January 2, 2006 at 11:15 pm

Ilfak Guilfanov, well known in “reverse engineering” circles for his wildly popular IDA Disassembler, wrote a temporary patch for people to use until Microsoft gets off their butts.

You can download it here.

scmommy says:

January 2, 2006 at 11:35 pm

Have been reading about this all weekend. As a computer technician (I’m who you call when you crash your system), I will tell you – DO NOT OPEN E-MAIL ATTACHMENTS FROM PEOPLE YOU DO NOT KNOW! Have your Anti-Virus Software up to date. Be sure that you have all of the latest Microsoft Updates. Do these things and the chances of you getting infected are reduced (unless ofcourse you are hitting the porn sites – then you are on your own.).

Kevin says:

January 3, 2006 at 12:28 am

Here‘s a good discussion on it if you are interested in computer stuff. It also includes the updated patch written by Ilfak (he must have come out with version 1.4 in the last hour). Steve Gibson of grc.com trusts him, and that’s good enough for me. Scroll down to the green box to grab the latest unofficial patch.

Big Bang Hunter says:

January 3, 2006 at 4:56 pm

– Thanks for the links you guys…

– Bang