images on forums can infect your computer with malware

  1. #1

    Whistle from eatpoo gave me a heads up on this and I felt I should tell you guys here as well.

    WHAT IS IT?
    There is a new exploit out that uses WMF (windows metafile format) files to infect a computer. All you have to do to get infected is view a webpage that has the image on it, or access an infected image that is on your computer. That means the forums can be a vector for infection too. (In fact, user Blue Reptile has already been permabanned for putting the exploit in his signature.)

    WHO IS VULNERABLE?
    The exploit affects Firefox, Internet Explorer, and any other browser that displays or downloads the file into the cache on the local machine. The file could also be a WMF renamed to any other image type, or possibly other filetypes. Anything that puts the image exploit onto your computer or opens it up in windows fax viewer or the part of windows that generates thumbnails of WMF files is a vulnerability. This means any vector that puts the image onto your computer (wget, browser, email, IM, etc) can potentially cause the problem.

    This affects anyone on Windows (98, 98SE, ME, 2000, XP, 2003). USING FIREFOX DOES NOT ELIMINATE THE RISK as the file is still downloaded to your cache in most cases, but it does reduce your chances somewhat since the image is often not displayed in the browser. But if you then interact with the file in any way (thumbnail it, Google Desktop, hover over with the mouse) that causes it to be handled by the windows subsystem responsible for WMF then you will have problems. Once again, YOU CAN BE CAUGHT BY THIS EXPLOIT EVEN IF THE IMAGE DOES NOT SHOW IN THE BROWSER. If you use Windows, your system is vulnerable.
    more info: http://www.metafilter.com/mefi/47964

    This is a pretty serious danger, over at eatpoo I've suggested that we disable all image posting until Microsoft releases a patch, but we've not decided anything yet.


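A defender-side illustration of the point in the first post that a WMF can hide behind any file extension: the check has to look at content, not the name. This is an added example, not part of the original thread; the META_ESCAPE/SETABORTPROC record it flags is the one named in public advisories on this flaw, not in the thread, and all sample byte strings are constructed.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7  # magic of the optional 22-byte placeable header
META_EOF = 0x0000
META_ESCAPE = 0x0626        # record type that hands data to an escape handler
SETABORTPROC = 0x0009       # escape function named in public advisories on this flaw

def inspect_wmf(data: bytes) -> dict:
    """Classify bytes by content, ignoring whatever extension the file carried."""
    result = {"is_wmf": False, "placeable": False, "records": 0, "findings": []}
    off = 0
    if len(data) >= 22 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        result["placeable"] = True
        off = 22
    if len(data) < off + 18:
        return result
    mtype, hdr_words, version = struct.unpack_from("<HHH", data, off)
    if mtype not in (1, 2) or hdr_words != 9 or version not in (0x0100, 0x0300):
        return result
    result["is_wmf"] = True
    off += 18
    # Walk the record list: each record is size (in 16-bit words), function, params.
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        if size_words < 3:  # smaller than its own header: stop rather than loop forever
            result["findings"].append(f"malformed record size at offset {off}")
            break
        result["records"] += 1
        if func == META_ESCAPE and off + 8 <= len(data):
            if struct.unpack_from("<H", data, off + 6)[0] == SETABORTPROC:
                result["findings"].append(f"META_ESCAPE/SETABORTPROC at offset {off}")
        if func == META_EOF:
            break
        off += size_words * 2
    return result

# --- constructed sample inputs (inert, built only to exercise the parser) ---
def record(func: int, params: bytes = b"") -> bytes:
    return struct.pack("<IH", 3 + len(params) // 2, func) + params

def sample(records: list) -> bytes:
    body = b"".join(records) + record(META_EOF)
    return struct.pack("<HHHIHIH", 1, 9, 0x0300, 9 + len(body) // 2, 0, 4, 0) + body

BENIGN = sample([record(0x0102, struct.pack("<H", 1))])  # one META_SETBKMODE record
FLAGGED = sample([record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 0))])  # no data
PLACEABLE = struct.pack("<I", PLACEABLE_KEY) + bytes(18) + BENIGN
NOT_WMF = b"\xff\xd8\xff\xe0" + bytes(32)  # starts like a JPEG

if __name__ == "__main__":
    for name, blob in [("benign", BENIGN), ("flagged", FLAGGED), ("jpeg", NOT_WMF)]:
        print(name, inspect_wmf(blob))
```

Run `inspect_wmf` over the raw bytes of cached or attached files of any extension; a `.jpg` or `.gif` that comes back with `is_wmf` set is worth quarantining regardless of findings.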

  3. #2
    also the reason I'm not PM'ing this to a moderator or admin is because I don't know who they are on CA. sorry.


  4. #3

  5. #4
    Advocate, that was one of the funniest things I've seen in a while.


  6. #5
    Haha

    Thanks for the heads up, but it's already been discussed here.

    You suggested they disable all image posting at Eatpoo? Have they eaten you alive yet?

    Sketchbook support group #7
    Andorz
    Koshime
    Number_6
    Slash
    Mike Frank
    Haldor
    BDFoster
    Gloominati
    _________________________________________
    The Hunger site

  7. #6
    That's weird, I did a search for it and nothing showed up, but I see the topic now. It seems to not have gotten much attention.
    I just want to stress again how malicious this is, it's nothing like CLICK HERE FOR LARGER PENIS, you don't even have to see the image. It can be hidden pretty much in anything as long as it gets loaded by ie or even just your file browser in windows.



    and no they haven't eaten me alive, seeing as how I am an admin there


  8. #7
    Dear God no!!!

    And what, pray tell, does this dread menace do after infecting our precious computers? It doesn't sign me up for a subscription to "The Watchtower" does it? Nooooo!

    If you all need me I'll be hiding under my bed till "computering" is safe again.

    (Insert stupid, pointless, and offensive signature here)
    www.wayofthegeek.com My web comic full of stupid geekiness.
    www.carterillustration.com My website filled with freelancing EVIL.

  9. #8
    Ah yeah, heard of this, apparently extremely old, it's been done years ago but no real problems.


  10. #9
    Quote Originally Posted by Noodle!
    and no they haven't eaten me alive, seeing as how I am an admin there
    But... but you suggested they disable image posting. On Eatpoo!


  11. #10
    Aaaarrrggg! Computer infected... Much pain.... Nooo!, it's forcing me to watch "Full House" reruns... Bob Sacket!...(Gasp! Insert sounds of slow painful death here)


  12. #11
    Thanks Noodle!

    Was that hard to do gentlemen? seriously...


  13. #12
    This is one of the more serious exploits that came out just last week.

    Thanks for being conscientious enough to post this Noodle!

    As for you other assholes, that's great that you slam someone looking out for you.

    For those that actually want more info on this you can visit f-secure's site http://www.f-secure.com/zero-day/, if you dig around a bit they provide a list of domains that you might want to block if you have the ability to do so.


  14. #13
    my laptop actually got busted by this malware a few nights ago ---- I've since been able to clear things up, but it affected my Norton anti-virus 'repair' functions and I haven't been able to properly re-install the program.
    Now I have a constant WARNING popin from the windows-update that directly links to the malware ... so's i can't click that, and it gets in the way of my doodling...

    .sucks balls.


    my website
    -- playing: "Pikmin 3" and "World of Tanks"
    -- reading: "Death of the Liberal Class" -Chris Hedges


    O my soul, do not aspire to immortal life, but exhaust the limits of the possible. - Pindar

  15. #14
    Groover, I'm just joking, not trying to be an ass. Sorry.

    Seriously though, what does this thing do? and how do you protect yourself?


  16. #15
    Quote Originally Posted by Mr. Pale
    how do you protect yourself?
    By turning to the Dark Side.


  17. #16
    No, anything but that. (Sob, whimper) I have to use those horrible things at my day job.


  18. #17
    From what I've read it requires very little interaction. Everyone needs to be careful with .wmf files. Most of the infected files have this extension. It seems all it takes is viewing a bad file with your browser or windows fax and picture viewer. Mozilla/Firefox should give you a prompt, I'm not sure about IE.

    My antivirus program succeeded in blocking one attempt to open this when I visited a torrent site.

    So far (like Sammy says) infected windows machines usually will have a fake antivirus prompt installed on the taskbar.


  19. #18
    Quote Originally Posted by Exo
    By turning to the Dark Side.


    no thanks...i like having software for my computer...and games.





  20. #19
    I'm so glad I don't use a windows machine. Thank God for Steve Jobs and his wonderful little machine!


  21. #20
    Quote Originally Posted by Jason Manley
    no thanks...i like having software for my computer...and games.


    LOL! My sentiment exactly. Same goes for this:


  22. #21
    Not to go completely off topic, but just had the power supply go out on one of our macs. Apple would not sell us a replacement, they forced us to have some tech come out and replace it. $300 and something bill and two days of downtime.

    Burnt up my power supply at home, went to circuit city they had a wall full of replacements for less than $100. Replaced it myself took about an hour including the drive.

    Apple should just make iPods, those things are nifty.


  23. #22
    F**kin ell, I can see another Pc's better Mac's debate coming on. Seen a few too many thousand of these


  24. #23
    Hey! I was just hit with the "Amish Computer Virus!" This was the message:
    You have just received the Amish virus. Since we have no electricity or computers, you are on the honor system. Please delete all of your files on your hard drive. Then forward this message to everyone in your address book. We thank thee.


    Mark Hannon
    Art Direction & Design
    Online Portfolio

  25. #24
    I got that same virus, but it also told me to get rid of all my buttons, wear black, and it kept calling me "english" for some reason.


  26. #25
    http://www.hexblog.com/index.html

    For unofficial patch.

    FAQ

    # What operating systems are supported?

    The fix is known to work on Windows 2000, XP (SP1 and SP2), XP64, Windows 2003. It does not work on Windows 98, ME, NT. The impact of the vulnerability for unsupported systems is small and they are not as vulnerable as 2000 and XP.

    # How to install the hotfix on a single computer?

    Just run wmffix_hexblog14.exe. If the fix happens to be incompatible with your system, it will inform you about it and quit. After a successful installation, REBOOT.

    # How to install the hotfix on my network?

    You can run the installer in the silent mode:

    wmffix_hexblog14.exe /VERYSILENT /SUPPRESSMSGBOXES

    There will be no dialog boxes on the screen and the installation will be completely automatic.

    # How to uninstall the hotfix?

    The hotfix will be listed in the Add/Remove programs window and you can uninstall it from there.

    # How to check that the hotfix is working on my computer?

    Use the checker to verify that the hotfix works. It should report that your system is invulnerable. If it reports that your system is still vulnerable, check the HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs registry key. It should contain a reference to c:\windows\system32\wmfhotfix.dll. There are some programs known to clean up this registry key. The fix will not work in this case. You should find and disable the program which cleans the registry key or uninstall the hotfix.

    # What does the hotfix exactly do?

    The hotfix disables a vulnerable function in GDI32.DLL. It does not disable any other functionality: you will still be able to use the Fax & Picture viewer and other programs. It does not alter any file on your computer, the modifications are done in the memory and will disappear as soon as the hotfix is uninstalled and the computer is rebooted.

    # How long should the hotfix stay on the computer?

    The hotfix should be uninstalled from the computer after applying the official patch from Microsoft.


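The registry check described in the FAQ above, as an added example that is not part of the original post or of the hotfix itself. Because every DLL listed in AppInit_DLLs is loaded into each process that loads user32.dll, the function also reports entries other than the hotfix; the second path in the usage comment is constructed.

```python
import re

APPINIT_KEY = r"Software\Microsoft\Windows NT\CurrentVersion\Windows"
HOTFIX_DLL = "wmfhotfix.dll"  # file name given in the FAQ

def audit_appinit(value: str, expected=(HOTFIX_DLL,)) -> dict:
    """Split an AppInit_DLLs value (space- or comma-delimited) and classify it."""
    entries = [e for e in re.split(r"[ ,]+", value.strip()) if e]
    # Compare on the lower-cased file name so path and case differences do not matter.
    names = [e.replace("/", "\\").rsplit("\\", 1)[-1].lower() for e in entries]
    return {
        "hotfix_present": HOTFIX_DLL in names,
        "unexpected": [e for e, n in zip(entries, names) if n not in expected],
    }

def read_appinit() -> str:
    """Read the live value from HKLM; Windows only (winreg does not exist elsewhere)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, APPINIT_KEY) as key:
        value, _value_type = winreg.QueryValueEx(key, "AppInit_DLLs")
    return value

# Usage on Windows: print(audit_appinit(read_appinit()))
# Offline, with a constructed value:
#   audit_appinit(r"c:\windows\system32\wmfhotfix.dll,C:\constructed\other.dll")
```

An empty `unexpected` list with `hotfix_present` false matches the FAQ's case of another program having cleaned the key.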
  27. #26
    Thanks man! Will this work if my PC is already infected though?

    http://galleryonefone.blogspot.com This would be my gallery in Sweden

    This would be my Pleine Air blog

  28. #27
    Quote Originally Posted by timpaatkins
    Thanks man! Will this work if my PC is already infected though?
    It will likely patch the vulnerability but do nothing else. So you'll have to remove the malware through other means, and as payloads vary, said malware may have done anything to your system including opening new holes.

    gah my brother got infected on day 0 and i have to clean up after him. Spyaxe - nasty...


  29. #28
    Damn it! I got PS guard....
    Thanks for the help dude!
    Edit: I got rid of the bastard! Thank f**k...

    Tim

    Last edited by timpaatkins; January 5th, 2006 at 03:59 PM.

  30. #29
    Quote Originally Posted by Snarfevs
    It will likely patch the vulnerability but do nothing else. So you'll have to remove the malware through other means, and as payloads vary, said malware may have done anything to your system including opening new holes.

    gah my brother got infected on day 0 and i have to clean up after him. Spyaxe - nasty...
    any tips on getting rid of that spyaxe? --- it still runs rampant on my laptop, i've been disabling "system restore" but it still comes back from the grave after a cleanup.....

    since it has corrupted my norton install --- I can't restart my computer to repair/delete the bastard.



  31. #30
    MS got round to posting a malware removal thingy. I dled it but haven't restarted yet to see if it works.

