Steevo said:
that's a great faq net.NetRyder said:Here's a FAQ on the SANS ISC: http://isc.sans.org/diary.php?storyid=994
perris said:we also see firefox only offers little protection and both fixes should be invoked regardless of the browser.
It is a Windows problem. IE will simply execute the exploit when you visit the malicious site. Firefox has a bug that wrongly handles WMF files, so as a side-effect, it prompts you before opening the file, providing one additional layer of protection. But if you open the file, you're screwed either way, regardless of what browser you're using.Heeter said:Hi J79ZLR,
You mentioned earlier that firefox wouldn't open this type of file. This article mentions that it's more of a Windows problem, than a browser problem.
If a machine is infected, you'll know immediately. It'll look something like this:If a machine is infected:
What is the tell-tale signs? What is the fix to remove/repair an infected system?
All I have read about is what a bad bug this is, but cannot find what it does and what we are supposed to do to repair an infected system.
Heeter said:Hi J79ZLR,
You mentioned earlier that firefox wouldn't open this type of file. This article mentions that it's more of a Windows problem, than a browser problem.
Hey Guys,
If a machine is infected:
What is the tell-tale signs? What is the fix to remove/repair an infected system?
All I have read about is what a bad bug this is, but cannot find what it does and what we are supposed to do to repair an infected system.
Thanks Guys,
Heeter
While that's certainly true, one can clearly see that some products are better than others, especially due to better heuristic detection techniques in this particular case where variants are springing up rapidly.j79zlr said:That doesn't make any sense? Use the unofficial patch and unregister the DLL, you cannot expect any antivirus to be able to successfully identify and stop all new variations of this, which do seem to be rapidly increasing.
Most of us here shouldn't be affected since we know what's involved, but it's definitely a significant threat to the less techie crowd. Seems like it might be a good idea to warn our friends and relatives about this as a follow-up to our New Year's greetings.Grandmaster said:This is going to be a huge mess...
NetRyder said:Most of us here shouldn't be affected since we know what's involved, but it's definitely a significant threat to the less techie crowd. Seems like it might be a good idea to warn our friends and relatives about this as a follow-up to our New Year's greetings.