Monday, January 09, 2006

Is WMF a trend?

Microsoft indicated that the WMF vulnerability from last week was something new because it took advantage of a particular 'feature' of the format and wasn't a bug per se.

That's true, but it isn't the end of the story. Although the particular vulnerability in this case was unusual, Internet Explorer and other applications, such as IM, iTunes, or anything that accesses the Internet, can become an easy vector for this kind of attack. The defect may be unusual, but the mechanism for attacking could be replicated. There are a couple of trends going on here that make this easier than before. First of all, adware and spyware makers have set up fake websites, etc. to distribute their wares. Normally, they might use phishing attacks or email to convince unsuspecting users to download their spyware. With these kinds of code vulnerabilities, they can bypass the need for user interaction. Given that this infrastructure exists, all they are waiting for is the next vulnerability and resulting exploit to surface in IE or other Internet-facing applications to take control of thousands of systems or distribute bots and/or spyware.

Microsoft may fix up IE (and all its plug-ins???), but there are lots of other Internet applications for an enterprising hacker to compromise for profit.

