Jump to content

Virus attack

rouge red

Recommended Posts

Well, I know there was a thread for this topic BUT it wasn't in the IE where I had - after coming on the forum - a huge problem with my Mozilla Browser. First a music file tried to come onto my pc, which was blocked by my anti virus program, and then there was a big fat VIRUS warning by my program.

And, just to say you that, there is again this strange little box in the top of the forum. And now in Mozilla too...

Please remove that :(

Link to comment
Share on other sites

First ever post on the forum, but i have to say my anti vir (avast) goes nuts with vocal warnings and blocking some content.

firefox notifies me that some plugins are needed to view the page, weird seeing as no plugins have been required previously.

Here is the blurb:

WMF Exploit

is a serious security threat discovered at 28th December 2005.

This problem is tied up with WMF files (Windows MetaFiles). It is not caused by a specific bug, but rather by a bad design back in the eightees. Such file can contain binary program which is called and executed by special Escape function. This has been used in the past to gain the access to special printer functions. However, it can be misused very easily to spread malicious programs - the application called "Windows Picture and Fax Viewer", which is used to display the picture in many Windows versions, will execute the attached code. This security hole is contained in all Windows versions (including the historical Windows 3.1) and currently there is no security patch from Microsoft (it is planed for 10th January 2006). So, this is really very severe security problem for millions of users all over the world. The danger is definitely not hypothetical - there are many web pages which contain such modified WMF files, other files are sent by email and there is already one worm which also uses this "feature".

You can unregister the program "Windows Picture and Fax Viewer" as a temporary solution, you can also filter all WMF files using the firewall. Of course avast! is able to detect such malicious files. There is also an unofficial patch made by Ilfak Guilfanov, which disables the Escape function in WMF files at all. We strongly recommend to install the Microsoft patch as soon as possible when available! The problem is that the older Windows operating systems are not maintained by Microsoft anymore, so there could be a lot of computers which will remain vulnerable in the future...

avast! with VPS file dated on or after 28th December 2005 is able to detect this exploit.

Edited by Zoomer
Link to comment
Share on other sites

We have now upgraded to Invision Power Board v2.1.7 which in theory should no longer be under thread of that particular exploit, so hopefully this issue is now resolved. Please let us know if it does come back. Thanks and sorry for all the inconveniences.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...