Important: Microsoft OS Users Vulnerable to Newly Discovered Exploit
All users of Microsoft operating systems need to be aware that there is a new and very easy way for your computers to become infected. This exploit has been referred to in the media as both the "WMF" and the "zero-day" virus. Microsoft has announced that they will not have a patch available until Tuesday, January 10. In the meantime, reports of exploits continue to multiply, and while there is no foolproof protection, ITS has taken measures to reduce system vulnerability on campus.
What ITS is Doing to Mitigate the Threat
ITS has taken the following steps to reduce the threat to campus users.
- Filtered all WMF attachments on the University email server.
- Blocked web sites that harbor malicious WMF images as they are identified.
- Pushed the latest Symantec virus definition files to ITS-supported ("managed") clients.
- Implemented Microsoft's recommended workaround through Active Directory startup and logon scripts.
  - This workaround temporarily unregisters a Windows XP .dll, preventing users from viewing thumbnail images using the default Windows Picture & Fax Viewer.
  - To view image files with software other than the default Windows Picture & Fax Viewer, users will need to right-click on the image file and select Open with (then choose another image rendering application such as MS Office Picture Manager or Photo Editor).
- Sent a mass mailing to all university faculty and staff alerting them to the problem and directing them to review detailed information on the ITS website (www.albany.edu/its).
How Computers Can Be Infected
The potential exists for a computer to become infected using any of the following methods:
- Visiting a Web site that has an infected image (Internet Explorer users are particularly vulnerable*)
- Previewing an e-mail message that has an infected image
- Clicking a link in instant messaging (IM) programs or downloading an image that someone sends you
- Using Google Desktop or other file indexing software
- Using peer-to-peer applications
- Viewing pop-up ads that have infected images
How the Exploit Works
The exploit works this way: hackers attach bad code to a specific kind of graphic file. The way that the above programs handle this type of graphic allows the code to install and run without a user's knowledge or permission. There is no way to identify in advance which Web pages, e-mail messages, or graphic files are malicious, and the code can make an infected graphic file look like an innocuous JPEG, GIF, etc. attachment.
Symptoms could include unexpected activity on the computer, changes to the registry, deleted files, stolen personal information, loss of data and other significant problems.
If a machine is compromised, it must be entirely rebuilt (reformat and reinstall).
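Because an infected graphic can carry an image extension such as .jpg or .gif, a filter that looks only at file names will miss it. The following added example (not ITS or Microsoft code) checks a file's leading bytes for a WMF header instead; the function names and the sample byte strings are constructed for illustration.

```python
import os
import struct

# Aldus "placeable" WMF files begin with the key 0x9AC6CDD7 (little-endian).
PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"

def looks_like_wmf(data: bytes) -> bool:
    """True if data begins with a placeable or standard WMF header."""
    if data[:4] == PLACEABLE_KEY:
        return True
    if len(data) < 18:          # a standard METAHEADER is 18 bytes
        return False
    # METAHEADER: type (1 = memory, 2 = disk), header size in 16-bit
    # words (always 9), version (0x0100 or 0x0300).
    mtype, header_words, version = struct.unpack_from("<HHH", data, 0)
    return mtype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def classify(filename: str, data: bytes) -> str:
    """Label a file by content, flagging WMF data under another extension."""
    ext = os.path.splitext(filename)[1].lower()
    if not looks_like_wmf(data):
        return "other"
    return "wmf" if ext == ".wmf" else "disguised-wmf"

def attachments_to_block(attachments):
    """Names of attachments whose content is WMF, whatever they are called."""
    return [name for name, data in attachments if classify(name, data) != "other"]

# Constructed sample data (headers only, no real image content).
SAMPLE_STANDARD_WMF = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 0, 0)
SAMPLE_PLACEABLE_WMF = PLACEABLE_KEY + bytes(18) + SAMPLE_STANDARD_WMF
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(16)
SAMPLE_GIF = b"GIF89a" + bytes(16)

SAMPLES = [
    ("logo.wmf", SAMPLE_PLACEABLE_WMF),
    ("holiday.jpg", SAMPLE_STANDARD_WMF),   # WMF content, JPEG name
    ("photo.jpg", SAMPLE_JPEG),
    ("banner.gif", SAMPLE_GIF),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        print(f"{name}: {classify(name, data)}")
```

A header match identifies the file format only; it does not show that a particular WMF file is malicious.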
How Clients Can Protect Themselves
Even though the infection may spread easily, there are a few things clients can do to reduce their risk:
- Use caution when opening links and attachments in both e-mail and IM.
- Turn off the preview function in the e-mail client so that images do not display.
- Change the settings in the IM program to not allow images to download automatically.
- Anti-virus programs are able to detect some infections that occur. Clients should set the program to check for updates daily and run frequent scans.
If A System Becomes Infected
If a computer begins acting strangely or you have any reason to believe it has been infected, the only foolproof solution will be to reformat and reinstall the computer. Information Technology Services is actively monitoring this situation and will send updated messages as appropriate. Please contact the ITS Help Desk at 442-3700 if questions arise.
For more in-depth information on this exploit please visit these sites:
Microsoft: http://www.microsoft.com/technet/security/advisory/912840.mspx
SANS.Org: http://isc.sans.org/diary.php?storyid=994
F-Secure: http://www.f-secure.com/zero-day/
* According to TechWeb, the Internet Explorer Web browser displays WMF images automatically, making it very easy for hackers to exploit this issue. The Firefox and Opera Web browsers may display dialog boxes requesting permission, providing an added layer of security.
Help, I can't view my image files!
Information coming!
How to turn off Outlook message preview
Within Outlook 2000 and XP/2002:
Within Outlook 2003
How to turn off AOL Instant Messenger automatic download
You can control who you want to receive files from, receive files only from buddies on your Buddy List, or block all incoming file transfers.
WARNING: Make sure you have installed antivirus software on your system before you receive files from anyone. Files that you download from the Internet could contain viruses that can damage your system or cause it to crash.
Within AOL Instant Messenger main screen:
- Press the F3 key to bring up the Preferences window.
- In the menu on the left side of the screen, click on File Transfer.
- Then in the Receive File Permission box select one of the following options: