Security Bulletins

 


2006 Jan 3rd - WMF vulnerability

A vulnerability in how Windows handles WMF image files was reported recently. It affects all versions of Windows dating back to Windows 3.0 (1990), including Windows XP with Service Pack 3 and Windows 2003 with Service Pack 1. The vulnerability has been exploited by spyware authors as well as Trojan/virus writers. While antivirus companies have been able to keep up, Microsoft has made it known that it will issue a fix for the problem in the next patch release cycle. In the meantime, a programmer named Ilfak Guilfanov took it upon himself to create a patch, and by all reviews it appears to work as advertised. However, Microsoft has cautioned against using it and advises everyone to wait until next week for the official patch to be released.

2005 Dec 12th - New Year's Treat

According to several security sites, there is an expected breakout of a Sober worm variant set for January 5, 2006. More details can be found on iDefense. Please make sure your home and office computers are using up-to-date virus scanning software. Antivirus software that does not check for and download updates regularly will not protect you from these current threats. Most antivirus software that comes pre-installed on systems (e.g. Norton) only downloads new updates for a very limited time (usually 90 days at most) unless you specifically purchase the software.

You can also run a manual scan at Housecall by Trend Micro.

Now for a generic statement regarding how these worms are spread. Most modern computer worms (aka viruses) arrive in emails that pretend to be from someone you know. When a system becomes infected, the worm scours the infected system for anything that looks like a valid email address. It can search address books, previously received/sent emails, Office documents, temporary Internet files, etc. The worm will then create an email to a randomly chosen address from that list and forge the sender. The result is an email that looks like it came from someone you quite possibly know. It will more than likely have an attachment of some sort as well as a carefully crafted Subject enticing you to open the attachment. Newer worms can use Zip files for this as well. (An old way of deciding if an email was a virus or not was whether the attachment was an executable (not safe) or a zip file (safe). THAT WAY OF THINKING DOES NOT WORK ANY LONGER.) So, if you are not expecting an email from someone with an attachment, do not open it. It's much easier (and usually cheaper) to miss out on a joke, picture, etc., than it is to try to clean a system of one of these nasty parasites.
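
The zip-versus-executable point above, as an added example (not part of the original bulletin): a short Python check that compares the old file-name rule with a look inside the archive. The extension list, the sample message and the addresses are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as directly runnable on Windows (illustrative list, an assumption).
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}

def ext(name):
    """Lower-cased final extension, so 'photo.jpg.exe' yields '.exe'."""
    name = name.lower().rstrip(". ")
    return name[name.rfind("."):] if "." in name else ""

def old_heuristic(filename):
    """The outdated rule from the text: only the outer file name is judged."""
    return "unsafe" if ext(filename) in RISKY_EXT else "safe"

def inspect_attachment(filename, data):
    """Judge the attachment by what it actually contains."""
    if ext(filename) in RISKY_EXT:
        return ["%s is executable" % filename]
    findings = []
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if ext(member) in RISKY_EXT:
                    findings.append("%s contains %s" % (filename, member))
    return findings

def scan_message(raw):
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        report[name] = (old_heuristic(name), inspect_attachment(name, part.get_payload(decode=True)))
    return report

def build_sample():
    """Constructed sample: a zip holding a file with a double extension."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday_photo.jpg.exe", b"not a real program")
    msg = EmailMessage()
    msg["From"], msg["To"] = "friend@example.com", "you@example.com"
    msg["Subject"] = "Happy New Year"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="photos.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

On the sample, the old rule rates `photos.zip` as safe while the content check reports the executable inside it.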