1st January 2006, 06:19 AM   #3
Petra Fyde
Re: Hacking Warning!!

I asked a few questions. Here they are, with the answers I got:
Quote:
Q Is it possible for this virus to be included in someone's board siggie?
A Yes, and sig isn't the only way.

Q Or can you only use .jpg and .gif for those?
A Doesn't matter. As for how to do it, I won't reveal, but it's seriously simple.

Q Should we all turn off the ability to see siggies for the time being?
A Yes, avatars too.

Q He used a link. Was that because it's the only way it can be done?
A No.

Q Because it's the only way that particular person could do it?
A Because it was probably the only way he was aware of doing it.

Going to Start / Run and typing "regsvr32 -u %windir%\system32\shimgvw.dll" without the quotes and OK'ing out helps a little. This disables the image/fax viewer in XP, but as said before, the problem isn't shimgvw.dll, it's the GDI32.DLL's faulty escape()-function which gets called, and this is a core part of Windows. Unregistering shimgvw.dll helps, but doesn't make you completely immune. To undo the change, simply remove the -u from the line, so type "regsvr32 %windir%\system32\shimgvw.dll" without the quotes, after Microsoft releases a fix.

Best is to unregister the shimgvw.dll, use a good antivirus program (check eWeek's yesterday's article here http://www.eweek.com/article2/0,1895,1907131,00.asp to see which antivirus software is doing well with this issue), turn DEP fully on with WinXP SP2 if you have it and then hope and pray. Instructions on how to turn DEP on are at http://www.microsoft.com/technet/sec...nfxp.mspx#EFAA but remember, whatever you do, there currently is NO fix that will make you 100% immune to this. =/

Two different ways are known to exploit the vulnerability and a third possible way is not confirmed yet but seems likely.

Keep checking these sites for news with the issue:

http://www.us-cert.gov/current/current_activity.html

http://www.f-secure.com/weblog/

Quote from F-Secure's Mikko Hyppönen (one of the world's leading virus experts) about this issue today: It's going to get worse.
On every board I post I've now turned off the options to see any kind of picture. Not that I don't trust the people currently on them, but because at least one account was purpose made on Stratics to try to infect people (the 'he' referred to in the questions Jarno answered for me). Sorry if the questions don't make sense, Jarno picked them out of the rest of the text I posted.