Sindows 7

join:2006-09-13
Hope, BC


2 edits
reply to ModemHead
Re: Microsoft Security Advisory (935423) Vulnerability in Window

said by ModemHead:

It appears that the ZERT site is mirrored (as per Bob above) and the cursor files that are embedded referenced in the POC test page do not exist on one of the mirrors (as of 10pm EDT).

The working test page is:
»zert.isotf.org/tests/testani.htm

The non-working test page is:
»isotf.org/zert/tests/testani.htm

The non-working test page will never do anything but tell you that you are not vulnerable, even if you are.

The ZERT people seem to be a little confused, I wouldn't recommend loading any patches from there at this time...
Hey I clicked the links and IE crashed or closed.
I use .ani files for my mouse and cursors, I got them from win95 days...........what does this all mean?
I thought this was discussed before too a couple years back.
»Do You Trust Your Browser...
»www.microsoft.com/technet/securi···002.mspx
and »Followup
--
ASUS A7N8X2.0 Dlx NFORCE2 Ultra400 Athlon XP 3200+ Barton @2.20 GHz Corsair TWINX1024-3200C2PT @2-3-3-6-400Mhz DDR DualChannel ATI 1650Pro 512MB SB Live! 5.1 Windows Vista 5744 IE 7 DI-604 Router Telus 6.0 APC BackUPS 450

Mele20
Premium
join:2001-06-05
Hilo, HI

Read the ZERT explanation. You are right that there was a similar exploit in 2005. ZERT explains very well how this new one came about and points out that Microsoft was derelict in duty in that this one could have been avoided if they had checked the entire code for ANI two years ago.


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC

reply to NICK ADSL UK
F-Secure Lab

"Microsoft has announced that it will release an update for the ANI vulnerability on Tuesday the 3rd of April. This is a week early as they usually release security patches on every second Tuesday of the month but as there is an increasing activity of sites and malware using the ANI vulnerability, they decided to release it early.

You might wonder how they were able to get the update out so quickly considering it was first used in exploits late last week. The issue of the ANI vulnerability was actually brought to Microsoft's attention back in December 2006 according to their Security Response Blog and they've been investigating and working on a fix since then.

Until Microsoft has released the update, you can count on us to continue adding detection for known versions of the ANI exploit and worms."


»www.f-secure.com/weblog/archives···00001159

**********************************

The problem out there is just like always. There are thousands if not millions of users that fit in the category of running pirated copies of Microsoft Software who never updated and added to that are those who own the software but refuse to update..I see people out there not even with SP1 much less SP2 for XP.

The media does not help on all this either..when it all started all they could lick their lips on..was reporting there was now a vulnerability/exploit for VISTA and rag on that for a few days.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/

daveinpoway
Premium
join:2006-07-03
Poway, CA


1 edit
reply to daveinpoway
AV is (was) Avast. You're right that I could have installed the patch, but the lure of Blink protecting you against future zero-day stuff was strong.

Anyway, I am now using Blink Personal Edition, for which eEye offers a free 1-year license (I don't know if you can renew it for free when it expires, but I'll concern myself with that next April). So, I removed Zone Alarm Pro, Avast and some other anti-malware stuff from my system. One thing I see is that BPE scans much faster than Avast. Avast took about 2.5 hours to scan my C drive, but BPE does a full scan in a little more than an hour.

astirusty
Premium
join:2000-12-23
Henderson, NV
·AT&T Southwest

reply to Name Game
said by Name Game:

You might wonder how they were able to get the update out so quickly considering it was first used in exploits late last week.
...
Until Microsoft has released the update, ...


**********************************

The problem out there is just like always. There are thousands if not millions of users that fit in the category of running pirated copies of Microsoft Software who never updated and added ...
I don't understand the connection. If MS has known about it for 3 months, and only now gets around to providing a fix; how are the pirated copies or never updated copies the problem.
Maybe you mean that even though a fix (patch) is finally provided by MS, the pirated copies and non-updaters will still be a food-supply for Bot-nets?


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC

 
said by astirusty:

said by Name Game:

You might wonder how they were able to get the update out so quickly considering it was first used in exploits late last week.
...
Until Microsoft has released the update, ...


**********************************

The problem out there is just like always. There are thousands if not millions of users that fit in the category of running pirated copies of Microsoft Software who never updated and added ...
I don't understand the connection. If MS has known about it for 3 months, and only now gets around to providing a fix; how are the pirated copies or never updated copies the problem.
Maybe you mean that even though a fix (patch) is finally provided by MS, the pirated copies and non-updaters will still be a food-supply for Bot-nets?
And worm in this case..

The problem out there is just like always.
--
Gladiator Security Forum »www.gladiator-antivirus.com/ Missing Kids »www.missingkids.com/


SpannerITWks
Premium
join:2005-04-22
reply to ModemHead
ModemHead

Thanx for the info !

Spanner


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC

reply to NICK ADSL UK
Highlights ....Where did it all start and who was the Author ?

worm.whboy

Users will know their systems are infected by the worm.whboy if their executable file icons turn into images of pandas with burning joss sticks. [Photo: pconline.com.cn]

Five-star cyber worm comes
2007-01/17
»www.chinadaily.com.cn/citylife/2···5644.htm

Sophos downplays 'panda' virus
January 19 2007
»www.zdnetasia.com/toolkits/0,390···p,00.htm

Anti-Worm.WhBoy Software Put Into Trial Operation
March 30, 2007
Li Jun, the creator of the rampant computer virus Worm.Whboy, has produced an anti-virus software to kill Worm.Whboy and put it into use on a trial basis on some Chinese websites.

Li has also attached a letter to the software in which he apologizes to netizens for the harm this virus has done to them. However, Li has not given details on the dependability of the anti-virus software.

Originating in Wuhan, the virus received the first five-star severity rating ever issued by the Shanghai Information Technology Service Center because it could attack local area networks in government bureaus and companies and damage their programs and databases. The worm was most destructive about three months ago, but it is still causing problems.

»www.chinatechnews.com/2007/03/30···eration/

McAfee Input...

The W32/Fujacks.worm was first discovered on December 28, 2006. Detection was added for this new variant on January 17, 2007, which includes coverage for the threat specified in the article listed below.

This threat is considered to be a Low-Profiled risk due to media attention at: »www.chinadaily.com.cn/citylife/2···5644.htm
--

Upon execution, the worm drops a copy of itself in %SYSTEM%\drivers folder as spoclsv.exe and executes from there.

»vil.nai.com/vil/content/v_141204.htm

W32/Fujacks!htm
»vil.nai.com/vil/content/v_141161.htm
The computer may become slow and may occasionally reboot due to the infection of the executable files.
For the W32/Fujacks!htm infected files, they will have an iframe in the last line of the files.

The W32/Fujacks virus will search several different vectors to find these types of files:
- htm
- html
- asp
- php
- jsp
- aspx
- EXE
- SCR
- PIF
- COM

So it can infect them.

****************************************

And if you want another good look at the chain of events..
Harry Waldron does an excellent job of that over at CofU site.


http://www.dozleng.com/updates/index.php?s=3ed00a07ba70bb9553f687452a5510c2&showtopic=13805
--
Gladiator Security Forum http://www.gladiator-antivirus.com/ Missing Kids http://www.missingkids.com/
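
The file traits quoted from the McAfee write-up in the post above (an iframe on the last line of infected web files, and a copy dropped as spoclsv.exe in the drivers folder) can be turned into a simple triage check. This is an added example, not part of the original thread or of any vendor tool; the function names and the constructed sample files are assumptions, and a trailing iframe is only a heuristic that legitimate pages can also match.

```python
import os
import re
import tempfile

# Web extensions the quoted write-up lists as infection targets.
WEB_EXTS = {".htm", ".html", ".asp", ".php", ".jsp", ".aspx"}
# Dropped file name quoted in the post (%SYSTEM%\drivers\spoclsv.exe).
DROPPED_NAME = "spoclsv.exe"
IFRAME_RE = re.compile(rb"<\s*iframe\b", re.IGNORECASE)


def last_line_has_iframe(path, tail_bytes=4096):
    """True if the final non-blank line of the file contains an <iframe> tag."""
    size = os.path.getsize(path)
    with open(path, "rb") as fh:
        fh.seek(max(0, size - tail_bytes))  # read only the tail of large files
        lines = fh.read().splitlines()
    for line in reversed(lines):
        if line.strip():
            return bool(IFRAME_RE.search(line))
    return False


def scan_web_root(root):
    """Return sorted paths of web files whose last line carries an iframe."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in WEB_EXTS:
                full = os.path.join(dirpath, name)
                if last_line_has_iframe(full):
                    hits.append(full)
    return sorted(hits)


def dropped_copy_present(system_dir):
    """Check <system_dir>/drivers for the dropped executable, ignoring case."""
    drivers = os.path.join(system_dir, "drivers")
    return os.path.isdir(drivers) and any(
        n.lower() == DROPPED_NAME for n in os.listdir(drivers))


def demo():
    """Constructed sample tree: one clean page, one with a trailing iframe."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "clean.html"), "w") as fh:
        fh.write("<html><body>ok</body></html>\n")
    with open(os.path.join(root, "index.php"), "w") as fh:
        fh.write("<?php echo 1; ?>\n<iframe src=http://example.invalid/></iframe>\n\n")
    return [os.path.basename(p) for p in scan_web_root(root)]
```

Hits are candidates for manual review against a known-good copy of the site, not confirmed infections.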


ZZZZZZZ
Premium
join:2001-05-27
PARADISE
 reply to NICK ADSL UK
Re: Microsoft Security Advisory (935423) Vulnerability in Window

OMG....the sky is falling!