Microsoft Windows WMF exploits advisory
An update from Microsoft that fixes this vulnerability is now available:
http://www.microsoft.com/athome/secu...00601_WMF.mspx
A very serious vulnerability has been discovered in Microsoft Windows, for which exploits are found on the internet. It concerns issues with files that are interpreted by Windows as .WMF files.
At this moment there is no patch from Microsoft. There are some workarounds that can be applied to vulnerable systems. More information on this issue can be found at the following URLs:
http://www.security.nl/article/12594...F_exploit.html
http://secunia.com/advisories/18255/
http://isc.sans.org/diary.php
http://www.viruslist.com/en/alerts?alertid=176701669
Malicious files that can lead to an exploit can arrive both as e-mail attachments and from HTTP servers on the internet.
The TUNIX/Firewall can help to avoid some risk in the following ways:
Firstly, the Kaspersky virus scanner for e-mail on TUNIX firewalls detects trojans that use this exploit, provided the firewall uses a recent signature database. It has been doing so since December 28th 2005.
Secondly, a number of URLs have been identified that may contain malicious content. TUNIX recommends blacklisting the listed URLs on the TUNIX/Firewall. This can be accomplished using a simple URL blacklist.
At this moment the following URLs can be blocked:
Thirdly, according to sources at SANS, two netblocks can be blocked as well:
http://isc.sans.org/diary.php
InterCage Inc.: 69.50.160.0/19 (69.50.160.0 - 69.50.191.255)
Inhoster: 85.255.112.0/20 (85.255.112.0 - 85.255.127.255)
This can also be implemented with HTTP blocklists. It should be noted that blocking entire netblocks always carries the risk of blocking websites that should not be blocked.
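The matching that a hostname blacklist and a netblock blocklist have to perform, as an added Python example that is not TUNIX code or TUNIX/Firewall configuration. The two netblocks are the ones listed above; the hostnames, the proxy log entries and the function names are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Netblocks exactly as listed in the advisory.
NETBLOCKS = {
    "InterCage Inc.": ipaddress.ip_network("69.50.160.0/19"),
    "Inhoster": ipaddress.ip_network("85.255.112.0/20"),
}
# Placeholder hostnames (constructed); load the advisory's URL list here.
HOST_BLACKLIST = {"blocked.example", "Ads.Blocked.Example"}
# Published lists mix upper and lower case, so normalise once.
_HOSTS = {h.lower().rstrip(".") for h in HOST_BLACKLIST}


def netblock_range(name):
    """Return (first, last, size) so a listed range can be cross-checked."""
    net = NETBLOCKS[name]
    return str(net[0]), str(net[-1]), net.num_addresses


def verdict(url, resolved_ip=None):
    """Return the reason a request would be blocked, or None to allow it."""
    host = (urlsplit(url).hostname or "").rstrip(".")  # already lowercased
    # Match the host itself and every parent domain (a.b.c, then b.c, then c).
    labels = host.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in _HOSTS:
            return "host:" + ".".join(labels[i:])
    # An IP-literal URL bypasses a name-only blacklist, so check it as well.
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = ipaddress.ip_address(resolved_ip) if resolved_ip else None
    for name, net in NETBLOCKS.items():
        if ip is not None and ip.version == 4 and ip in net:
            return "netblock:" + name
    return None


# Constructed proxy log: (requested URL, address the proxy resolved it to).
SAMPLE_LOG = [
    ("http://WWW.Blocked.Example/pic.wmf", "192.0.2.10"),  # subdomain, mixed case
    ("http://69.50.191.255/x.wmf", None),                  # last address of the /19
    ("http://shop.example/index.html", "85.255.120.7"),    # unrelated site in the /20
    ("http://69.50.192.0/", None),                         # first address outside the /19
    ("http://news.example/", "198.51.100.4"),
]

if __name__ == "__main__":
    for url, ip in SAMPLE_LOG:
        print(f"{verdict(url, ip) or 'allow':28} {url}")
```

The third log entry is the over-blocking case mentioned above: a site that is not on the hostname blacklist is still refused because its address lies inside a blocked range of 4096 addresses.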
Customers with a Managed Firewall (MF) contract, customers with a Remote Standby (RS) contract or customers with a Remote Maintenance (RB) contract can contact TUNIX Firewall Support to make the necessary adjustments to the configuration of TUNIX/txhttp or Tunix/http-gw to block this activity.