Fwd:Windows PCs face ‘huge’ virus threat

[Guest guest]

http://news.ft.com/cms/s/0d644d5e-7bb3-11da-ab8e-0000779e2340.html

 

 

Windows PCs face ‘huge’ virus threat

By Kevin Allison in San Francisco

Published: January 2 2006 18:18 | Last updated: January 2 2006 22:19

 

Security experts were grappling with the threat of a new weakness in

Microsoft’s Windows operating system that could put hundreds of millions of

PCs at risk of infection by spyware or viruses.

 

The news marks the latest security setback for Microsoft, the world’s

biggest software company, whose Windows operating system is a favourite

target for hackers.

 

“The potential [security threat] is huge,†said Mikko Hyppönen, chief

research officer at F-Secure, an antivirus company. “It’s probably

bigger than for any other vulnerability we’ve seen. Any version of

Windows is vulnerable right now.â€

 

The flaw, which allows hackers to infect computers using programs

maliciously inserted into seemingly innocuous image files, was first

discovered last week. But the potential for damaging attacks increased

dramatically at the weekend after a group of computer hackers published

the source code they used to exploit it. Unlike most attacks, which

require victims to download or execute a suspect file, the new

vulnerability makes it possible for users to infect their computers with

spyware or a virus simply by viewing a web page, e-mail or instant

message that contains a contaminated image.

 

“We haven’t seen anything that bad yet, but multiple individuals and

groups are exploiting this vulnerability,†Mr Hyppönen said. He said

that every Windows system shipped since 1990 contained the flaw.

 

Microsoft said in a security bulletin on its website that it was aware

that the vulnerability was being actively exploited. But by early

yesterday, it had not yet released an official patch to correct the

flaw. “We are working closely with our antivirus partners and aiding law

enforcement in its investigation,†the company said. In the meantime,

Microsoft said it was urging customers to be careful opening e-mail or

following web links from untrusted sources.

 

Meanwhile, some security experts were urging system administrators to

take the unusual step of installing an unofficial patch created at the

weekend by Ilfak Guilfanov, a Russian computer programmer.

 

Concerns remain that without an official patch, many corporate

information technology systems could remain vulnerable as employees

trickle back to work after the holiday weekend.

 

“We’ve received many e-mails from people saying that no one in a

corporate environment will find using an unofficial patch acceptable,â€

wrote Tom Liston, a researcher at the Internet Storm Center, an

antivirus research group. Both ISC and F-Secure have endorsed the

unofficial fix.

 

Microsoft routinely identifies or receives reports of security

weaknesses but most such vulnerabilities are limited to a particular

version of the Windows operating system or other piece of Microsoft

software. In recent weeks, the company has been touting its progress in

combating security threats.

 

The company could not be reached on Monday for comment.

 

 

" When the power of love becomes stronger than the love of power, we will have

peace. "

Jimi Hendrix