
| Subject: | RE: New article on SecurityFocus |
|---|---|
| Date: | Fri, 6 Jan 2006 11:47:50 -0500 |

The numbers come mostly from porn sites that use a low brow ad network that is inserting the graphics into the sites. If you really want to see one, go to 600pics[dot]com, but be forewarned of hardcore porn.

I haven't seen any reports of innocent sites being affected by this.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.ziffdavis.com/seltzer
Contributing Editor, PC Magazine
larryseltzer@ziffdavis.com

-----Original Message-----
From: Brady McClenon [mailto:BMcClenon@uamail.albany.edu]
Sent: Friday, January 06, 2006 11:29 AM
To: Drew Simonis; Thor (Hammer of God); Erin Carroll; pen-test@securityfocus.com
Cc: Larry Seltzer; focus-ms@securityfocus.com
Subject: RE: New article on SecurityFocus

Just curious. I hear media reports and people saying that there are hundreds or thousands of compromised web sites from this, but I have to ask where these numbers come from? Where is this data, or is it pure speculation?

I'm also curious how one could compromise a web server with this exploit. Putting files on a web server to dole out and compromise other computers I can see, but is the web server really compromised in this case? If so, was it by way of the WMF exploit?

One last question: Has anyone here experienced or know anyone that has a "legitimate" web server compromised (or serving out) by the WMF exploit? I'm trying to determine if there are those with actual knowledge that the sky is indeed falling, or if we are all shaking over unsubstantiated media hype.

-----Original Message-----
From: Drew Simonis [mailto:simonis@myself.com]
Sent: Friday, January 06, 2006 10:22 AM
To: Thor (Hammer of God); Erin Carroll; pen-test@securityfocus.com
Cc: Larry Seltzer; focus-ms@securityfocus.com
Subject: Re: New article on SecurityFocus

Overall, I think the community's coverage of wmf has been delivered with an ounce of perception, and a pound of obscurity. It's almost as if people *want* it to be worse than it is. I'm not surprised, of course. But regardless, my call is that we'll see a little activity here and there, the patch will come out, most will install it (or have it installed automatically) and the whole issue will fade away. But that's all. We'll know for sure shortly, either way.

Thor, I think your path of thought is stuck a bit in the past. Worms are neat as a technical exercise, but we see more and more that the attackers are increasingly aware of the value of these vulnerabilities from a financial perspective, not merely for notoriety. As such, it benefits the attacker to have a less subtle attack, one that does not sensationalize the vulnerability. Complacency is their ally.

That said, there are already numerous (hundreds+) "legitimate" web sites that have been compromised and had exploit images injected into their content. There are also already hundreds of thousands of machines that have been infected with Trojans or bots. These infected machines will patch, but they won't be safe, and the problem gets worse.

So no, there won't be some catastrophic worm event. But I posit that what there will be could be much worse.