January 4, 2006 2:41 PM PST

Windows users swamp WMF patch site

A site hosting unauthorized protection against the Microsoft Windows Meta File flaw has been taken offline after being swamped by users trying to protect themselves from a growing list of threats.

Ilfak Guilfanov's personal Web site was switched off by his hosting provider on Wednesday morning after hordes of Microsoft users scrambled to download his unofficial patch against the WMF vulnerability, according to antivirus company F-Secure.

The site was temporarily closed as "half the planet tried to download WMFFIX_HEXBLOG.EXE," F-Secure reported in its blog.

At the time of writing, the unofficial patch is again available from Guilfanov's site. It's also available from the Sunbelt Blog.

Microsoft has advised businesses not to use the patch, as the company cannot guarantee it will work. But with no official patch due to be released until next week, security experts are urging businesses to use the unofficial patch because of the serious nature of the WMF vulnerability.

The WMF flaw can be used by malicious software to surreptitiously install spyware on a user's PC or allow a hacker to control the machine remotely.

Several attacks have been detected since late December, and on Wednesday, experts detected another Trojan horse that exploits the flaw. F-Secure warned that the Trojan was spreading in spam e-mails labeled as coming from Yale University.

To minimize risk from the Trojan, system administrators have been advised by F-Secure to block user access to the following:

• HTTP access to playtimepiano(dot)home(dot)comcast(dot)net
• TFTP (i.e. UDP) access to 86.135.149.130
• IRC access to 140.198.35.85:8080
• IRC access to 24.116.12.59:8080
• IRC access to 140.198.165.185:8080
• IRC access to 129.93.51.80:8080
• IRC access to 70.136.88.76:8080

F-Secure warned businesses and system administrators not to visit the HTTP address.
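An added example, not part of the original article or of F-Secure's advisory: the block list above turned into match rules and checked against constructed egress records. The log format, the sample records, and the default ports used where the list gives none (80 for HTTP, 69 for TFTP, 6667 for IRC) are assumptions.

```python
import re

# Block list as given in the article; the host stays defanged in source.
ADVISORY = """\
HTTP access to playtimepiano(dot)home(dot)comcast(dot)net
TFTP (i.e. UDP) access to 86.135.149.130
IRC access to 140.198.35.85:8080
IRC access to 24.116.12.59:8080
IRC access to 140.198.165.185:8080
IRC access to 129.93.51.80:8080
IRC access to 70.136.88.76:8080
"""
# Assumed transport and port per service when the list gives no port.
DEFAULTS = {"HTTP": ("tcp", 80), "TFTP": ("udp", 69), "IRC": ("tcp", 6667)}

def parse_advisory(text):
    # Returns {host: {(proto, port), ...}} with "(dot)" restored to ".".
    rules = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\b.*\baccess to (\S+)\s*$", line)
        if not m or m.group(1).upper() not in DEFAULTS:
            continue
        proto, port = DEFAULTS[m.group(1).upper()]
        host, _, explicit = m.group(2).replace("(dot)", ".").partition(":")
        port = int(explicit) if explicit.isdigit() else port
        rules.setdefault(host.lower(), set()).add((proto, port))
    return rules

# Constructed egress records: time, source, protocol, destination, port.
SAMPLE_LOG = """\
2006-01-04T10:15:02 10.0.0.23 udp 86.135.149.130 69
2006-01-04T10:15:09 10.0.0.23 tcp 140.198.35.85 8080
2006-01-04T10:16:40 10.0.0.41 tcp PlayTimePiano(dot)home(dot)comcast(dot)net 80
2006-01-04T10:17:11 10.0.0.57 tcp 192.0.2.10 8080
2006-01-04T10:18:30 10.0.0.57 tcp 140.198.35.85 6667
""".replace("(dot)", ".")

def find_hits(log_text, rules):
    # Reports any contact with a listed host; exact=True if protocol and port match too.
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue
        _, src, proto, dest, port = parts
        dest = dest.lower().rstrip(".")
        if dest in rules:
            exact = (proto.lower(), int(port)) in rules[dest]
            hits.append((src, dest, int(port), exact))
    return hits

print(find_hits(SAMPLE_LOG, parse_advisory(ADVISORY)))
```

The IRC entries use port 8080 rather than the usual IRC port, so a rule keyed only on port 6667 would not cover them; matching on destination first and treating the port as a qualifier catches both cases.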
