~ U P D A T E :     P A T C H   N O W.  Official patch links inside for Windows MetaFile Exploit ~~~~~~


SagaLore

Elite Member
Dec 18, 2001
24,036
21
81
Originally posted by: STaSh
Prediction: before January 10 we will see a WMF exploit worm that spreads through AIM or Yahoo IM trying each contact on your buddy list followed by random generated screen names, creating load on many routers with effects similar to SQL slammer.

There are already numerous IM worms that do this, and there hasn't been any sort of widespread DoS. As long as the worm requires user action, a widespread DoS is unlikely.

Aren't MSN Messenger's winks WMF-based? They can play without user intervention...
 

Nocturnal

Lifer
Jan 8, 2002
18,927
0
76
I don't understand why MS isn't releasing some sort of extreme emergency patch instead of having people wait until next week lol.
 

SagaLore

Elite Member
Dec 18, 2001
24,036
21
81
Originally posted by: Nocturnal
I don't understand why MS isn't releasing some sort of extreme emergency patch instead of having people wait until next week lol.

Because their OneCare security suite can protect you from the exploit. Quick! Buy OneCare! :p
 

Medea

Golden Member
Dec 5, 2000
1,606
0
0
Originally posted by: Nocturnal
I don't understand why MS isn't releasing some sort of extreme emergency patch instead of having people wait until next week lol.


Well, Microsoft claims they have created the fix but are doing beta-testing now. But to respond definitively to your question, I've got two theories:
1. I think Microsoft is trying to downplay the risk and spread of the exploit - there are now at least 73 variants of this nasty out there - since the exploit has been known since 1991 (see mech's link to grc.com above); and
2. I think their "accidentally released" patch was an "accident on purpose" as a way to have a beta run on real-life machines.
 

InlineFive

Diamond Member
Sep 20, 2003
9,599
2
0
I have a quick question based upon the results of mechBgon's tests.

Would McAfee VirusScan Enterprise 8.0i (4400 engine and latest DATs), combined with a limited user account, the NX bit on all processes and McAfee Buffer Overflow Protection be enough to thwart the bug? Or should I keep a lockdown and wait for the patch?

The main thing I am concerned about is the new gzip packaging. Is it able to circumvent Antivirus programs with the latest DATs addressing this issue?

Thanks!
 

GTaudiophile

Lifer
Oct 24, 2000
29,767
33
81
This is an e-mail I just sent to co-workers. I am the unofficial official IT guy for my office. Is there any more I can do between now and Tuesday?

Dear All,

There is a REALLY sneaky virus on the loose at the moment. It infects the computer via normal pictures/images. The virus is embedded in the code that comprises the image file. For example, an image on CNN.com COULD be infected, and a simple visit to the web site could also infect your computers simply by viewing the image. (This is highly unlikely at CNN.com, but you can imagine just how dangerous this virus could be if placed on the proper web site.)

Microsoft is preparing a fix, but it will not be available until Tuesday, January 10!

In the meantime, please do the following:

1) Do NOT view Inbox e-mails in MS Outlook using the Preview Pane!
2) Do NOT open image e-mail attachments from ANYONE until next week. Such attachments usually have the .JPG, .BMP, or .GIF file extension.
3) Be careful opening any sort of attachment from anyone and do NOT open attachments from unknown senders.
4) Be careful which web sites you visit. Only browse known, reputable web sites such as google.com and cnn.com.
5) Do NOT visit any questionable web sites. These sites include but are not limited to warez web sites and web sites offering lascivious or illicit content.
6) Do NOT visit web sites that are prone to have lots of pop-up ads. These pop-ups can contain infected images.
7) Keep your Microsoft Anti-Spyware and Norton Antivirus software UP-TO-DATE.

As soon as possible next Tuesday, I will attend to the company computers under my responsibility by updating Windows, Office, Norton, and MS Antispyware software.

Again, surf and e-mail safe until next Tuesday!
 

SagaLore

Elite Member
Dec 18, 2001
24,036
21
81
Originally posted by: GTaudiophile
This is an e-mail I just sent to co-workers. I am the unofficial official IT guy for my office. Is there any more I can do between now and Tuesday?

Dear All,

There is a REALLY sneaky virus on the loose at the moment. It infects the computer via normal pictures/images. The virus is embedded in the code that comprises the image file. For example, an image on CNN.com COULD be infected, and a simple visit to the web site could also infect your computers simply by viewing the image. (This is highly unlikely at CNN.com, but you can imagine just how dangerous this virus could be if placed on the proper web site.)

Microsoft is preparing a fix, but it will not be available until Tuesday, January 10!

In the meantime, please do the following:

1) Do NOT view Inbox e-mails in MS Outlook using the Preview Pane!
2) Do NOT open image e-mail attachments from ANYONE until next week. Such attachments usually have the .JPG, .BMP, or .GIF file extension.
3) Be careful opening any sort of attachment from anyone and do NOT open attachments from unknown senders.
4) Be careful which web sites you visit. Only browse known, reputable web sites such as google.com and cnn.com.
5) Do NOT visit any questionable web sites. These sites include but are not limited to warez web sites and web sites offering lascivious or illicit content.
6) Do NOT visit web sites that are prone to have lots of pop-up ads. These pop-ups can contain infected images.
7) Keep your Microsoft Anti-Spyware and Norton Antivirus software UP-TO-DATE.

As soon as possible next Tuesday, I will attend to the company computers under my responsibility by updating Windows, Office, Norton, and MS Antispyware software.

Again, surf and e-mail safe until next Tuesday!

We actually didn't have to go that route - our Sygate personal firewall software is successfully stopping the image exploit attempts. :cool:
 

GTaudiophile

Lifer
Oct 24, 2000
29,767
33
81
Originally posted by: SagaLore
Originally posted by: GTaudiophile
This is an e-mail I just sent to co-workers. I am the unofficial official IT guy for my office. Is there any more I can do between now and Tuesday?

Dear All,

There is a REALLY sneaky virus on the loose at the moment. It infects the computer via normal pictures/images. The virus is embedded in the code that comprises the image file. For example, an image on CNN.com COULD be infected, and a simple visit to the web site could also infect your computers simply by viewing the image. (This is highly unlikely at CNN.com, but you can imagine just how dangerous this virus could be if placed on the proper web site.)

Microsoft is preparing a fix, but it will not be available until Tuesday, January 10!

In the meantime, please do the following:

1) Do NOT view Inbox e-mails in MS Outlook using the Preview Pane!
2) Do NOT open image e-mail attachments from ANYONE until next week. Such attachments usually have the .JPG, .BMP, or .GIF file extension.
3) Be careful opening any sort of attachment from anyone and do NOT open attachments from unknown senders.
4) Be careful which web sites you visit. Only browse known, reputable web sites such as google.com and cnn.com.
5) Do NOT visit any questionable web sites. These sites include but are not limited to warez web sites and web sites offering lascivious or illicit content.
6) Do NOT visit web sites that are prone to have lots of pop-up ads. These pop-ups can contain infected images.
7) Keep your Microsoft Anti-Spyware and Norton Antivirus software UP-TO-DATE.

As soon as possible next Tuesday, I will attend to the company computers under my responsibility by updating Windows, Office, Norton, and MS Antispyware software.

Again, surf and e-mail safe until next Tuesday!

We actually didn't have to go that route - our Sygate personal firewall software is successfully stopping the image exploit attempts. :cool:

This is an office with fewer than 10 employees. Can I do the same with a D-Link router?
 

SagaLore

Elite Member
Dec 18, 2001
24,036
21
81
Originally posted by: GTaudiophile
Originally posted by: SagaLore
We actually didn't have to go that route - our Sygate personal firewall software is successfully stopping the image exploit attempts. :cool:

This is an office with fewer than 10 employees. Can I do the same with a D-Link router?

Probably not. Sygate is installed on all of our machines and takes care of exploits higher up in the OSI stack. What model is your D-Link? I think they do have a security appliance with a built-in IDS.
 

GTaudiophile

Lifer
Oct 24, 2000
29,767
33
81
Originally posted by: SagaLore
Originally posted by: GTaudiophile
Yes, it is.

Then no, sorry. :(

Thanks Anyway!

I just went to all computers and did the following:

1) Updated Norton and MS Antispyware.
2) RAN Windows Update.
3) Disabled Preview Panes in Outlook.
4) Enabled "Classic View" for Windows folders.
5) Enabled DEP for all programs.
6) Disabled WPV in the command line.
7) Increased IE security level to High.

I hope that will keep us okay through today, Friday, and Monday.
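As an added example (not code from the thread or from any of its posters), here is a read-only PowerShell check for two of the workarounds in the list above, DEP for all programs and the IE Internet zone at High, so the state of each workstation can be confirmed rather than assumed. It assumes PowerShell 3 or later for Get-CimInstance (on the XP-era hosts discussed here, Get-WmiObject takes the same class name), and it treats a missing per-user CurrentLevel value as the Medium default, which is an assumption about the IE build in use.

```powershell
# Added example, not from the thread: report whether DEP and the IE Internet zone
# match the workarounds listed in the post above. Read-only; changes nothing.
#
# DEP policy comes from Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy:
#   0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (Windows programs only),
#   3 = OptOut ("all programs and services except those I select")
# IE zone level is the CurrentLevel DWORD under Zones\3 (the Internet zone):
#   0x12000 = High, 0x11000 = Medium, 0x10000 = Low

function Get-DepPosture {
    $os     = Get-CimInstance -ClassName Win32_OperatingSystem
    $policy = [int]$os.DataExecutionPrevention_SupportPolicy
    $names  = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    [pscustomobject]@{
        Check  = 'DEP policy'
        Value  = $names[$policy]
        # "DEP for all programs" in the GUI is OptOut; AlwaysOn is stricter still.
        Ok     = ($policy -eq 1 -or $policy -eq 3)
        Advice = 'System Properties > Advanced > Performance > DEP > all programs and services'
    }
}

function Get-IeInternetZonePosture {
    $zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
    $level = (Get-ItemProperty -Path $zonePath -Name CurrentLevel -ErrorAction SilentlyContinue).CurrentLevel
    if ($null -eq $level) {
        # Assumption: no per-user override means the IE default for the zone, Medium.
        $level = 0x11000
    }
    [pscustomobject]@{
        Check  = 'IE Internet zone'
        Value  = ('0x{0:X}' -f [int]$level)
        Ok     = ([int]$level -ge 0x12000)
        Advice = 'Internet Options > Security > Internet > High'
    }
}

# Run on each workstation; any row with Ok = False still needs attention.
@(Get-DepPosture; Get-IeInternetZonePosture) | Format-Table Check, Value, Ok, Advice -AutoSize
```

The two functions return objects rather than printing, so the same script can be run through a remoting session or a login script and the rows collected centrally, which is what a small office with a handful of machines and no management tooling most needs at this point.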
 

mechBgon

Super Moderator / Elite Member
Oct 31, 1999
30,699
1
0
Originally posted by: GTaudiophile
Originally posted by: SagaLore
Originally posted by: GTaudiophile
Yes, it is.

Then no, sorry. :(

Thanks Anyway!

I just went to all computers and did the following:

1) Updated Norton and MS Antispyware.
2) RAN Windows Update.
3) Disabled Preview Panes in Outlook.
4) Enabled "Classic View" for Windows folders.
5) Enabled DEP for all programs.
6) Disabled WPV in the command line.
7) Increased IE security level to High.

I hope that will keep us okay through today, Friday, and Monday.

Additionally, did you make sure Norton's "Bloodhound" heuristics and compressed-file scanners are enabled on the machines? Norton's WMF detection description puts it in the Bloodhound category, so I'd want to be sure that's enabled.

Also, they can set Internet Explorer's security level to High for the Internet Zone. As I recall, if you've got Outlook 2000, then one of the patches that came after Service Pack 3 also has Outlook execute HTML in the Restricted Sites zone by default, so patching Office 2000 right away could have some benefits and give you a headstart on your work (if you have 2000 and not something newer, that is).

 

SagaLore

Elite Member
Dec 18, 2001
24,036
21
81
Originally posted by: GTaudiophile
Originally posted by: SagaLore
Originally posted by: GTaudiophile
Yes, it is.

Then no, sorry. :(

Thanks Anyway!

I just went to all computers and did the following:

1) Updated Norton and MS Antispyware.
2) RAN Windows Update.
3) Disabled Preview Panes in Outlook.
4) Enabled "Classic View" for Windows folders.
5) Enabled DEP for all programs.
6) Disabled WPV in the command line.
7) Increased IE security level to High.

I hope that will keep us okay through today, Friday, and Monday.

I'd also recommend setting Outlook to view all emails as plain text. That way any embedded images will be converted into attachments and HTML images referenced from an external site will be stripped.
 

GTaudiophile

Lifer
Oct 24, 2000
29,767
33
81
Originally posted by: SagaLore
Originally posted by: GTaudiophile
Originally posted by: SagaLore
Originally posted by: GTaudiophile
Yes, it is.

Then no, sorry. :(

Thanks Anyway!

I just went to all computers and did the following:

1) Updated Norton and MS Antispyware.
2) RAN Windows Update.
3) Disabled Preview Panes in Outlook.
4) Enabled "Classic View" for Windows folders.
5) Enabled DEP for all programs.
6) Disabled WPV in the command line.
7) Increased IE security level to High.

I hope that will keep us okay through today, Friday, and Monday.

I'd also recommend setting Outlook to view all emails as plain text. That way any embedded images will be converted into attachments and HTML images referenced from an external site will be stripped.

How do you do that in Outlook 2000/XP?

I see where you can set Outlook to create either HTML or plain text.

 

SagaLore

Elite Member
Dec 18, 2001
24,036
21
81
Originally posted by: GTaudiophile
Originally posted by: SagaLore
How do you do that in Outlook 2000/XP?

I see where you can set Outlook to create either HTML or plain text.

Hmm... sorry, I guess you can't do it in Outlook. You can only do it on the Exchange server.

You could also set up an email gateway that does it for you. Before switching to an antispam appliance (and before spam was that big of a deal), we used to use this product:

http://www.antisource.com/article.php/20040616035400842

But that's not going to help you with POP3-type setups. We have all corporate email coming in via an MX record and we host our mail in-house. With the tfs product you can convert all incoming emails to plain text MIME, and set up content macros and such. You can also enable RBL blacklists... but now I'm getting off topic. :p
 

InlineFive

Diamond Member
Sep 20, 2003
9,599
2
0
Originally posted by: GTaudiophile
Originally posted by: SagaLore
Originally posted by: GTaudiophile
Originally posted by: SagaLore
Originally posted by: GTaudiophile
Yes, it is.

Then no, sorry. :(

Thanks Anyway!

I just went to all computers and did the following:

1) Updated Norton and MS Antispyware.
2) RAN Windows Update.
3) Disabled Preview Panes in Outlook.
4) Enabled "Classic View" for Windows folders.
5) Enabled DEP for all programs.
6) Disabled WPV in the command line.
7) Increased IE security level to High.

I hope that will keep us okay through today, Friday, and Monday.

I'd also recommend setting Outlook to view all emails as plain text. That way any embedded images will be converted into attachments and HTML images referenced from an external site will be stripped.

How do you do that in Outlook 2000/XP?

I see where you can set Outlook to create either HTML or plain text.

[HKEY_CURRENT_USER\Software\Microsoft\Office\<version number>\Outlook\Options\Mail]
Create a DWORD Value named "ReadAsPlain" with a value of "1".

1. Version Number 11 is for Outlook 2003. 10 is for Outlook 2002 and I believe 8.0 is for Outlook 2000.
2. So far I have not found the Mail subkey on machines with Outlook 2002 and earlier. But it works the same if you create the key and add the DWORD value.

Pretty useful. :)
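The registry change in the post above applied across machines, as an added PowerShell example (not from the thread or from any of its posters). It assumes the ReadAsPlain value and its location exactly as the post gives them, and it handles the case the post raises for Outlook 2002 and earlier by creating the Options\Mail subkey when it does not exist. Rather than hard-coding the version-to-product mapping, it enumerates whatever Office version keys are present under HKCU and touches only the ones that have an Outlook subkey.

```powershell
# Added example, not from the thread: set ReadAsPlain=1 (read all mail as plain text)
# for every Outlook version present in the current user's profile, creating the
# Options\Mail subkey first when it is missing, as the post notes for Outlook 2002
# and earlier. Run as the user whose profile should change; -WhatIf previews only.

function Set-OutlookReadAsPlain {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $officeRoot = 'HKCU:\Software\Microsoft\Office'
    if (-not (Test-Path $officeRoot)) { return }

    # Version keys look like 8.0, 10.0, 11.0; skip anything else under Office.
    $versions = Get-ChildItem -Path $officeRoot |
        Where-Object { $_.PSChildName -match '^\d+\.\d+$' } |
        ForEach-Object { $_.PSChildName }

    foreach ($ver in $versions) {
        $outlookKey = "$officeRoot\$ver\Outlook"
        if (-not (Test-Path $outlookKey)) { continue }   # this version has no Outlook

        $mailKey = "$outlookKey\Options\Mail"
        if ($PSCmdlet.ShouldProcess($mailKey, 'Set ReadAsPlain = 1')) {
            # -Force creates the missing Options and Mail levels in one step.
            if (-not (Test-Path $mailKey)) { New-Item -Path $mailKey -Force | Out-Null }
            New-ItemProperty -Path $mailKey -Name ReadAsPlain -PropertyType DWord -Value 1 -Force | Out-Null
        }

        # Read the value back so the caller sees the resulting state, not just the intent.
        $current = (Get-ItemProperty -Path $mailKey -Name ReadAsPlain -ErrorAction SilentlyContinue).ReadAsPlain
        [pscustomobject]@{ Version = $ver; Key = $mailKey; ReadAsPlain = $current }
    }
}

Set-OutlookReadAsPlain | Format-Table Version, Key, ReadAsPlain -AutoSize
```

Because the value lives under HKEY_CURRENT_USER, the script has to run in each user's own session (a login script is the usual vehicle); running it once as an administrator changes only the administrator's profile. Outlook picks the setting up on its next start.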
 

stash

Diamond Member
Jun 22, 2000
5,468
0
0
Microsoft is releasing the patch for this vulnerability TODAY at 2pm EST.
 

mechBgon

Super Moderator / Elite Member
Oct 31, 1999
30,699
1
0
Originally posted by: STaSh
Microsoft is releasing the patch for this vulnerability TODAY at 2pm EST.
SWEET :Q

Verified/confirmed? I can edit the thread title?

 

theMan

Diamond Member
Mar 17, 2005
4,386
0
0
automatic updates just popped up, and installed a "Cumulative security update" that was probably it!
 

Nocturnal

Lifer
Jan 8, 2002
18,927
0
76
LOL. They had to release one sooner than next week. That was just suicide if they did that.