So who is behind WMF exploits?

IT Culture, Security

Ok Bill, day 3? It's time for some editorial ranting here. So there is quite a bit going on with people unloading exploited DLLs and people claiming it's too harsh of a move. While Susan does have a very good point in using the layered approach, which I agree with, this is a little too severe to stop at best-effort security. Why? Because it's not just about WMF. Any file format that the DLL in question opens is vulnerable. That means BMP, GIF, PNG, JPG, JPEG, JPE, JFIF, DIB, RLE, EMF, TIF, TIFF and ICO could also be used in the exploit.

Some of you have questioned why, oh why, does every post come with a Firefox logo. Why? Make no mistake, the reason this is still an issue and I am writing the third post on it is because Microsoft has not done anything about it. Absolutely nothing. This is now day three and there is no hotfix. No patch. Nothing. I'm sure they are working very hard, that it takes a lot of time to test it, that there is a corporate documentation and QA team that needs to sign off on any code release, that…. that… Sorry, I almost choked on my Kool-Aid. What I meant to say is there is no patch, and this closes yet another disappointing year in Microsoft's security strategy. Download Firefox. While they have security issues, as will every other piece of software, they are far more proactive and release updates much faster.

And now that you know whose fault it really is that you're putting in overtime the day before the largest celebration on earth, let's look at the scum that is exploiting this issue:

toolbarbiz.biz, toolbarsite.biz, toolbartraff.biz, toolbarurl.biz, buytoolbar.biz, buytraff.biz, iframebiz.biz, iframecash.biz, iframesite.biz, iframetraff.biz, iframeurl.biz

Before you do anything else, plug those URLs into your firewall and drop them. Those are the web sites that are using this exploit:

Registrant ID: 6463915-SRSPLUS
Registrant Name: Ezhi Brozkevitsh
Registrant Organization: Ezhi Brozkevitsh
Registrant Address1: Al. Armii Ludowej 24
Registrant City: Warszawa
Registrant Postal Code: 00-609
Registrant Country: Poland
Registrant Country Code: PL
Registrant Phone Number: +21.225798400
Registrant Email: admin@buytraff.biz

Most likely fake but at least it gives you someone to be angry at.
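
Dropping the listed domains at the firewall stops new requests; searching existing proxy logs for the same domains shows which machines already reached them. The script below is an added example, not part of the original post. The log line format, the function names and the sample lines are assumptions constructed for illustration; only the domain names come from the post.

```python
# Added example: hunt for the post's domains in web proxy logs.
# Log format and sample lines are constructed for illustration.
from urllib.parse import urlsplit

BLOCKED = {
    "toolbarbiz.biz", "toolbarsite.biz", "toolbartraff.biz", "toolbarurl.biz",
    "buytoolbar.biz", "buytraff.biz", "iframebiz.biz", "iframecash.biz",
    "iframesite.biz", "iframetraff.biz", "iframeurl.biz",
}

def host_of(target):
    """Extract a lowercase hostname from a URL or a bare host[:port]."""
    if "://" not in target:
        target = "//" + target          # let urlsplit treat it as a netloc
    host = urlsplit(target).hostname or ""
    return host.rstrip(".").lower()     # drop the trailing dot of an FQDN

def is_blocked(host):
    """True for a listed domain or any subdomain of one (label-wise match)."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in BLOCKED for i in range(len(labels)))

def hits(log_lines):
    """Yield (client_ip, host) for requests to listed domains.
    Assumed line format: '<timestamp> <client_ip> <method> <url-or-host>'."""
    for line in log_lines:
        parts = line.split()
        if len(parts) < 4:
            continue                    # skip malformed lines
        host = host_of(parts[3])
        if is_blocked(host):
            yield parts[1], host

SAMPLE_LOG = [  # constructed sample data
    "2005-12-30T09:14:02 10.0.0.21 GET http://www.iframecash.biz/index.html",
    "2005-12-30T09:14:05 10.0.0.22 GET http://example.com/?ref=buytraff.biz",
    "2005-12-30T09:15:11 10.0.0.23 CONNECT BuyTraff.biz.:443",
    "2005-12-30T09:16:40 10.0.0.24 GET http://notiframeurl.biz/",
    "truncated line",
]

if __name__ == "__main__":
    for client, host in hits(SAMPLE_LOG):
        print(f"{client} requested {host}")
```

Matching on whole DNS labels rather than substrings is what keeps the second and fourth sample lines from being reported while still catching subdomains and mixed-case hosts.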