Sorry to be off-topic, but I just wanted to give everyone a head's up about the nasty Windows "WMF" malware/virus that is hitting the internets hard this week. It may turn out to be one of the worst viruses ever.
You can get infected with the WMF malware just by looking at a web page with IE, or reading an email or Instant Message that contains an infected image (depending on the program you use).
Metafilter has details and links to an unofficial patch. (more info on the flip...)
Note this quote from an information security specialist on a
SlashDot thread:
I do infosec stuff at a well-known corporation, including Incident Response, and I've been following this closely & working on our response. ... This is looking truly horrible. On Tuesday morning zillions of Windows desktops will be fired up for the first time in a week or two. This thing's already in widespread use by a number of malware distribution networks for the usual reasons. As such it's a nightmare for network and system admins with Windows machines to look after (and us security people trying to provide advice & assistance for them...) ... I will stick my neck out here and make a prediction. Virtually all organisations with Windows machines are effectively wide open to total compromise by a reasonably informed person.
Lastly, there's a
FAQ posted at sans.org that has info on protecting your system. A highlight from the FAQ:
The WMF vulnerability uses images (WMF images) to execute arbitrary code. It will execute just by viewing the image. In most cases, you don't have click anything. Even images stored on your system may cause the exploit to be triggered if it is indexed by some indexing software. Viewing a directory in Explorer with 'Icon size' images will cause the exploit to be triggered as well.
This has definitely caught my attention...