|
Computer Underground Pounds Windows Source Codes
A new breach is revealed in Microsoft Windows: BMP format is no longer
safe
Kaspersky Labs, a leading information security software developer warns
users about a new vulnerability in Internet Explorer (5.0, 5.5 and 6.0)
and Outlook Express 5.0. The new vulnerability allows cyber-criminals
launch malicious programs on breached computers using files in BMP
format.
The vulnerability was discovered by an unknown individual nicknamed
'GTA' and published on several security web sites. The author provided
an example of a possible attack and went on to comment that the proposed
scenario was based on a detailed analysis of the Windows source code
(for details see http://www.kaspersky.com/news.html?id=4016180).
"This report confirms our worst fears; the computer underground is
pouncing on the Windows source code in search of new attack methods.
The speed at which the first discovery appeared forces us to seriously
re-evaluate the immediate future of the Internet", comments Eugene
Kaspersky, Head of Anti-Virus Research at Kaspersky Labs, "From now on,
we can expect similar surprise any minute."
The lack of patches for Internet Explorer and Outlook Express make this
new vulnerability particularly dangerous. Only users who have Windows XP
with Service Pack 1 can relax for now: tests have demonstrated that
this configuration is immune.
At the same time, the new vulnerability poses a serious threat to all
Internet users. It turns out that virus-writers can create BMP files,
which load malicious programs onto victim machines while users are
looking at images. In fact, infection can occur both while reading
e-mail in Outlook and while surfing the web. "At this point in time, we
have not detected any viruses that use this exotic new method to attack
computers. However, the chances of one appearing in the near future are
very real indeed", added Eugene Kaspersky.
Kaspersky Labs has already released a special anti-virus database update
protecting against malicious programs utilizing this vulnerability. The
contents of BMP files are scanned and potentially dangerous objects are
detected when they attempts to breach computers via either the Internet
or emails. The protection is included in the latest Kaspersky(r)
Anti-Virus update.
Kaspersky Labs Corporate Communications
|
