Friday, December 30, 2005

WMF Exploit Story - Day 3

Information is building and views are changing all the time. But everyone agrees that this WMF zero-day is nasty. Here is what we know on "WMF Day 3".


DEP Method

Sunbelt is reporting on their blog that the software-enforced DEP on Windows XP SP2 that Microsoft once suggested as a workaround is not very effective. They found that hardware-enforced DEP is effective, but it requires a CPU that supports it.

REGSVR32 Method

Bill Hayes pointed me to the latest F-Secure blog entry this morning. F-Secure found that the REGSVR32 workaround doesn't protect you from the WMF exploit when using MSPaint. Great! lol

They suggest not using MSPaint at all for a while, which doesn't seem too difficult at this point.


It should also be stated that using Firefox does NOT protect you totally. Firefox is still open to the WMF exploit, but it does require a bit more user interaction than IE – which requires zero. ;)

So the war isn’t over. But here are several suggestions that can only help the cause.

1) Always test any workaround before applying it to your network. This really applies to many things and is good all-around advice.

2) Don’t trust one workaround to protect you totally. Apply the “Defense in Depth” idea to any threat. In the WMF case, this would include up-to-date antivirus on the clients and on the proxy edge. Use dynamic blocking of known sites serving bad WMF files with advanced (yet costly) proxy filtering software. Statically block known sites if needed.

Here is an incomplete list:

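For the "filter bad WMF at the proxy" part of suggestion 2, here is an added example (mine, not from the post or from any vendor product) of what such a filter needs to look at: it walks the WMF record stream and flags the GDI SETABORTPROC escape that this exploit relies on, plus malformed record sizes. The `build_sample` helper constructs a minimal WMF for testing; real samples vary, so treat this as a heuristic, not a complete detector.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7   # magic of the optional 22-byte "placeable" WMF header
META_EOF = 0x0000
META_ESCAPE = 0x0626
SETABORTPROC = 0x0009        # GDI escape sub-function that registers a callback

def scan_wmf(data: bytes) -> dict:
    """Walk the WMF record stream and report why the file looks hostile.

    Returns {"records": n, "escapes": [escape sub-functions seen], "findings": [...]}.
    Heuristic only: flags the SETABORTPROC escape and malformed record sizes.
    """
    findings, escapes, records, pos = [], [], 0, 0
    if len(data) >= 22 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        pos = 22                                   # skip the placeable header
    if len(data) < pos + 18:
        return {"records": 0, "escapes": [], "findings": ["truncated header"]}
    mtype, hdr_words = struct.unpack_from("<HH", data, pos)
    if mtype not in (1, 2) or hdr_words != 9:      # 18-byte standard header = 9 words
        findings.append("bad metafile header")
    pos += 18
    while pos + 6 <= len(data):                    # each record: DWORD size (words), WORD function
        size_words, func = struct.unpack_from("<IH", data, pos)
        records += 1
        if func == META_EOF:
            break
        if size_words < 3 or pos + size_words * 2 > len(data):
            findings.append(f"malformed record size at offset {pos}")
            break
        if func == META_ESCAPE and size_words >= 5:
            esc = struct.unpack_from("<H", data, pos + 6)[0]   # escape sub-function
            escapes.append(esc)
            if esc == SETABORTPROC:
                findings.append(f"SETABORTPROC escape at offset {pos}")
        pos += size_words * 2
    else:
        findings.append("no META_EOF record")
    return {"records": records, "escapes": escapes, "findings": findings}

def build_sample(escape_func: int) -> bytes:
    """Constructed minimal WMF: standard header, one META_ESCAPE record, META_EOF."""
    payload = b"\x00" * 4                          # 4 bytes of escape data (constructed)
    esc_rec = struct.pack("<IHHH", 3 + 2 + len(payload) // 2, META_ESCAPE,
                          escape_func, len(payload)) + payload
    eof_rec = struct.pack("<IH", 3, META_EOF)
    size_words = (18 + len(esc_rec) + len(eof_rec)) // 2
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, size_words, 0, len(esc_rec) // 2, 0)
    return header + esc_rec + eof_rec
```

A proxy filter would run `scan_wmf` over any response whose body starts with the placeable magic or looks like a metafile, and drop it when `findings` is non-empty.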
