Some bastard's created a virus that works through Windows metafiles being able to implement arbitrary code. The problem with Windows metafiles is in legacy code reaching back to Windows 3.0.
That means that just by visiting a malicious website (and running Windows), and by loading a picture in any web browser, my computer could be infected. And the rendering engine for .wmf files kicks in in Firefox and Opera.
Then there's the MS worm. Click on a specific .jpg link and the parser will automatically see that it's a WMF file and open it with the metafile reader - which then sends it to your entire friends list.
Just to add insult to injury, SANS doesn't expect MS to release a patch before the 9th.
Advice from SANS (and other sources) is to run the (third party) patch and to unlink the vulnerable DLL: From the Start Menu, select Run, then copy and execute the following line:

    regsvr32 -u %windir%\system32\shimgvw.dll

Unfortunately I'm running Win98 - meaning that the OS is too old for the patch (but not for the virus) and that it's rejecting my unlink command.
Help!
Update:
It looks as if only WinXP and Windows Server 2003 are vulnerable (by default anyway...). I hope they are right - SANS doesn't think MS is going to release a patch for Win98.
Update 2: MS have released the patch early. If you run WinXP, go to http://windowsupdate.microsoft.com to download the patch.