Happy Holidays everyone…. Or, as the people who are releasing viruses and exploits would like to say “Unhappy Holidays everyone….” If you’ve been away from your computers for the past week (which is a great thing if you have a family or loved ones), then you’ve probably missed all of the news. So, here are some links for more information.
http://isc.sans.org (SANS Internet Storm Center) and http://www.microsoft.com/technet/security/advisory/912840.mspx (Microsoft’s Security Bulletin).
At this time, the only effective solution is to unregister the dll file that is partially involved in this and to apply an ‘unofficial’ patch provided on the SANS website. I mention that the dll file is partially involved, because as the handlers at SANS point out, even unregistering the shimgvw.dll file won’t protect you, as the issue lies in the gdi32.exe file also.
It should also be noted that users of Windows 95, 98, and ME may be affected by this. No one is really testing those versions against this, because they are at the end of their support lifecycles. So, this could become a “watershed” moment for you (as quoted from the SANS website). If you are affected, Microsoft may not provide a patch for you. The ‘unofficial’ patch hasn’t been tested on your versions, although I’m hoping someone will eventually. You may have one option in this instance…. Upgrade to Windows XP. This means you’ll have to upgrade hardware as well as the Operating System, as XP requires more memory (RAM) than Windows 95, 98, and ME. In short, it’s probably going to be time for a new computer.
If you’re not affected by this security issue (Windows 95, 98, ME and Linux/Mac/Unix users) count your blessings. If you’re on a Windows-based computer, you’re still going to want to upgrade, because eventually you will catch something. Eventually, the security issues will affect a program that you have. And, in that case, eventually Microsoft will say “Our patches won’t work for you. And, we aren’t going to release one that will.” If you’re on a non-Windows Operating System, I would suggest testing your systems against these issues as well. The reasoning? Because as a lot of people (mainly Windows users) point out, you’re not being hit by these exploits because your choice of Operating System isn’t as popular as Windows. But eventually it will be. So, it’s better to make sure now than find out later.
As always, keep your Antivirus programs updated. Up until New Year’s Eve, most of the major AV firms were able to detect 73 variants of the exploit. Unfortunately, Generation 2 was released on New Year’s Eve. Three of the major AV firms were able to detect the exploit, but at least one of those was actually detecting the payload (whatever virus the person was choosing to drop into your computer). And, it was a test case with a well-known payload. So, the real deal will probably be a virus that isn’t as well known. Still, by keeping your AV updated and doing regular scans, you’re decreasing the chances of getting infected, because the AV firms are updating for this as quickly as they can.
In conclusion, CONSTANT VIGILANCE is necessary here. Do everything that you can to protect yourself, and keep doing it. If you’ve let your AV lapse, or have an older version of one, update it. Or, uninstall it, and get a new one. There are a lot of good free AVs out there, and as much as I don’t like Symantec and McAfee, they are in the list that was able to detect the 73 variants. Symantec was able to detect the payload in the new versions also.
Good luck, and hopefully 2006 will be as good or better for you than 2005 was.