Security Bulletins


Contact Us

2006 Jan 3rd - WMF vulnerability

Reported recently was a vulnerability in how Windows handles WMF image files, and it affects all versions of Windows dating back to Windows 3.0 (1990), including Windows XP with Service Pack 3 and Windows 2003 with Service Pack 1. The vulnerability has been exploited by spyware authors as well as Trojan/Virus writers. While antivirus companies have been able to keep up, Microsoft has made it known that they will issue a fix to the problem in the next patch release cycle. In the mean time, a programmer named Ilfak Guilfanov took it upon himself to create a patch, and by all reviews, it appears to work as advertised. However, Microsoft has cautioned against using it and advises everyone to wait until next week for the official patch to be released.

2005 Dec 12th - New Year's Treat

According to several security sites, there is an expected breakout of a Sober worm variant set for January 5, 2006. More details can be found on iDefense. Please make sure your home and office computers are using up-to-date virus scanning software. Using virus software that does not check and download updates regularly will not protect you from these current threats. Most antivirus software that comes pre-installed on systems (eg. Norton) only download new updates for a very limited time (usually 90 days at most) unless you specifically purchase the software.

You can also run a manual scan at Housecall by Trend Micro.

Now for a generic statement regarding how these worms are spread. Most modern computer worms (aka viruses) arrive in emails that pretend to be from someone you know. When a system becomes infected, the worm scours the infected system for anything that looks like a valid email address. It can search address books, previously received/sent emails, Office documents, temporary Internet files, etc. The worm will then create a random email to someone from that list and forge who it comes from. The result is an email that looks like it came from someone you quite possibly know. It will more than likely have an attachment of some sort as well as a carefully crafted Subject enticing you to open the attachment. Newer worms can use Zip files for this as well. (An old way of deciding if an email was a virus or not was whether the attachment was an executable (not safe) or a zip file (safe). THAT WAY OF THINKING DOES NOT WORK ANY LONGER.) So, if you are not expecting an email from someone with an attachment, do not open it. It's much easier (and usually cheaper) to miss out on a joke, picture, etc., than it is to try and clean a system of one of these nasty parasites.