Everything posted by StateCop
-
New Virus/Exploit - Even fully patched Windows users.
http://www.f-secure.com/weblog/archives/archive-122005.html#00000752

Over the last 24 hours, we've seen three different WMF files carrying the zero-day WMF exploit. We currently detect them as W32/PFV-Exploit.A, .B and .C.

Fellow researchers at Sunbelt have also blogged about this. They have discovered more sites that are carrying malicious WMF files. You might want to block these sites at your firewall while waiting for a Microsoft patch:

Crackz [dot] ws
unionseek [dot] com
www.tfcco [dot] com
Iframeurl [dot] biz
beehappyy [dot] biz

And funnily enough, according to WHOIS, domain beehappyy.biz is owned by a previous president of Soviet Union:

Registrant Name: Mikhail Sergeevich Gorbachev
Registrant Address1: Krasnaya ploshad, 1
Registrant City: Moscow
Registrant Postal Code: 176098
Registrant Country: Russian Federation
Registrant Country Code: RU

"Krasnaya ploshad" is the Red Square in Moscow...

Do note that it's really easy to get burned by this exploit if you're analysing it under Windows. All you need to do is to access an infected web site with IE or view a folder with infected files with the Windows Explorer.

You can get burned even while working in a DOS box! This happened on one of our test machines where we simply used the WGET command-line tool to download a malicious WMF file. That's it, it was enough to download the file. So how on earth did it have a chance to execute?

The test machine had Google Desktop installed. It seems that Google Desktop creates an index of the metadata of all images too, and it issues an API call to the vulnerable Windows component SHIMGVW.DLL to extract this info. This is enough to invoke the exploit and infect the machine. This all happens in realtime as Google Desktop contains a file system filter and will index new files in realtime.

So, be careful out there. And disable indexing of media files (or get rid of Google Desktop) if you're handling infected files under Windows.
---

There's a new zero-day vulnerability related to Windows' image rendering - namely WMF files (Windows Metafiles). Trojan downloaders, available from unionseek[DOT]com, have been actively exploiting this vulnerability. Right now, fully patched Windows XP SP2 machines are vulnerable, with no known patch.

The exploit is currently being used to distribute the following threats:

Trojan-Downloader.Win32.Agent.abs
Trojan-Dropper.Win32.Small.zp
Trojan.Win32.Small.ga
Trojan.Win32.Small.ev

Some of these install hoax anti-malware programs the likes of Avgold.

Note that you can get infected if you visit a web site that has an image file containing the exploit. Internet Explorer users might automatically get infected. Firefox users can get infected if they decide to run or download the image file.

In our tests (under XP SP2) older versions of Firefox (1.0.4) defaulted to open WMF files with "Windows Picture and Fax Viewer", which is vulnerable. Newer versions (1.5) defaulted to open them with Windows Media Player, which is not vulnerable...but then again, Windows Media Player is not able to show WMF files at all so this might be a bug in Firefox. Opera 8.51 defaults to open WMF files with "Windows Picture and Fax Viewer" too. However, all versions of Firefox and Opera prompt the user first.

As a precaution, we recommend administrators to block access to unionseek[DOT]com and to filter all WMF files at HTTP proxy and SMTP level.

F-Secure Anti-Virus detects the offending WMF file as W32/PFV-Exploit with the 2005-12-28_01 updates.

We expect Microsoft to issue a patch on this as soon as they can.
-
How was your Christmas this year?
Private that sounds like my house when I get upgrades. Nice gifts btw!
-
How was your Christmas this year?
About "tree fitty" in cash or $350 cash. Several gift cards to eating places...like I need that...lol. Some clothes etc. etc. etc........ My wife and I didn't exchange gifts. We used the money to adopt two little old people at the retirement home without family. We try to do this every year now rather than spend money for each other when both have way too much anyway. I have found as I get older I enjoy it better the more I can do for others and spending time with my family. If you would have asked me that a few years ago I would have laughed at the very thought.
-
I hate parking and cashier lines!!!!
That could be signs of adult ADD or ADHD. It really gets under my skin too! I don't take anything for it but I fit the mold exactly. You should do some research online to see if you have it too. I struggled with it through school and learned to deal with it more in college where my grades went WAY up after reading on this some. Here is a link: http://www.add.org/articles/worktraps.html
-
It's SNOWING!
Just as long as we don't have to hear the music like years past.
-
A little too much CS:S eh? viewer's discretion is strongly advised
Here is the original page that has many more of these from this group called pure pwnage. http://www.purepwnage.com
-
Rules of a Clan
I thought that at first but there wasn't enough " !!!!!!!!!!!!!!!! " or all caps. His manifestos ran on for pages on pages without making more than two paragraphs; this guy did a line by line.....no....no... It couldn't be him, no, this person, as warped as they sound for power, doesn't hold a light to that Alpha. :o UNLESSSSSSS...it could be him on a lot of Paxil and Zoloft...nah, on second thought they don't have that much on stock. :o
-
Redneck Heaven
I think they were Glock 18s but I couldn't tell for sure. I am not aware of that many full auto pistols. The ones in Counter-Strike that should be full auto or semi.
-
Redneck Heaven
Ok I need to go to one of those
-
Peanut butter Jelly time Family Guy Style
I like Family Guy but that was well....what Marshal said.
-
Linux vs Windows
Check with Fatman or Jasun, they are the two Linux gurus I know around here. There may be more...I wish I could tell you more but I am learning myself.
-
Linux vs Windows
Let's just say you better be willing to learn if you go to Linux. I suggest putting it on an extra system. The requirements are very low so almost anything will run it. That is the way I am learning. You could do a dual boot but I wouldn't bother.
-
GOOD INEXPENSIVE 256mb Expandable MP3 Player with FM stereo.
It is telling me 32.39 is the total...How do you get the discount?

Never mind, I am blind..... HOLIDAY1105

256MB Digital Audio Player SA238/17B $29.99 1 $29.99
Additional Discounts
These special offers or discounts also apply to your order total.
2005 Holiday Sale - 10% Off -$3.00
Subtotal $26.99
Tax $2.16
Total $29.15

I guess the tax is higher here.... It is on the way!
-
GOOD INEXPENSIVE 256mb Expandable MP3 Player with FM stereo.
My daughter is wanting an MP3 player for Christmas. Thanks for posting this! I was looking at one for twice that and it didn't look as nice. Thanks again for the link!
-
BF2 - Special Forces - Installation problem
I didn't think the add-on came out until this coming week?
-
State Champs!
I don't think the private schools go to the same super 6, do they? He is down around Selma. My old home town got knocked out last week. How is Oxford doing?
-
I'm back
When you have to wear that vest and belt every day it plays hell on the back and neck. I miss patrol sometimes but then I stop and think about that crap. I used to have a lot of back problems around my upper back/lower neck. They said it was from the vest and belt. Mine never went totally numb but I would get ice cold chills down my arm. Sounds a lot alike...did they say what caused yours?
-
Insurgency, wow.
hehhehe No problem here

PCI-E 7800GT (256MB)
AMD64 3700+ (San Diego)
2 GB DDR400

:peace: smooooooth as silk....
-
Insurgency, wow.
I don't know, Mac, it is not even close to me. What made FA to me was being able to pick everything from Kevlar to each weapon...then based on skill upgrades you could do other stuff. That is what made FA to me...I know it sounds crazy since I was one of the big anti-FA people. If they had the graphics like posted in that pic I would still be playing.