MSN-Worms exploit MS pif filter vulnerability

Published: 2006-09-23
Last Updated: 2006-09-23 23:03:34 UTC
by Patrick Nolan (Version: 1)
0 comment(s)
Kaspersky's blog, always a great read, is reporting that there are some "epidemic level" MSN-Worms (see Do you like photos?) that "spread using links to .PIF files.". They go on to say;

"But some of you might remember that Microsoft blocked messages containing ".pif"?

Yes they have, but... the MS block is case sensitive!

So the criminals used capital letters, ".PIF" and the network filters let the message flow right through. Other variations like .Pif, .pIf, and so on also work.".

While you're there also check out their excellent Kaspersky Security Bulletin, January - June 2006: Malware Evolution released 09/22.

Thanks for the heads up Kaspersky!

And readers please remember (sticking tongue firmly in cheek) Microsoft says "Microsoft is aware of third party mitigations that attempt to block exploitation of vulnerabilities in Microsoft software. While Microsoft can appreciate the steps these vendors and independent security researchers are taking to provide our customers with mitigations, as a best practice, customers should obtain security updates and guidance from the original software vendor. Microsoft carefully reviews and tests security updates and workarounds to ensure that they are of high quality and have been evaluated thoroughly for application compatibility. Microsoft cannot provide similar assurance for independent third party security updates or mitigations."
0 comment(s)


Diary Archives