Russian expat solves Microsoft security threat
5 January 2006, BRUSSELS — A Russian expat working in Belgium for an IT firm has discovered a temporary solution to what is being described by Belgian media as the greatest computer security threat ever.
5 January 2006
BRUSSELS — A Russian expat working in Belgium for an IT firm has discovered a temporary solution to what is being described by Belgian media as the greatest computer security threat ever.
Ilfak Guilfanov graduated from the Moscow University in 1987. Since 1999, he has been working for the Liège-based firm Datarescue. He wrote IDA Pro, a popular software package the IT world uses to track viruses.
And when Guilfanov read on US websites last week the first reports about a particularly dangerous security leak in Windows, he quickly decided to write up a solution.
Guilfanov then wrote a program (called a patch) aimed at protecting his own computer, newspaper 'Het Nieuwsblad' reported on Thursday.
The patch blocked possibly damaging Windows Meta File (WMF) bug files so that hackers could not gain control of his computer. Guilfanov published the patch and its source code on his weblog.
But when it became clear that Microsoft could not immediately come up with a solution for the security threat, Guilfanov's patch was tested by research firm Internet Storm Centre and anti-virus company F-Secure.
Both firms said it was reliable and advised internet users to use Guilfanov's patch while waiting for an official Microsoft patch.
In turn, Guilfanov's weblog could not cope with the huge number of hits as internet users sought to use his patch. Dozens of other website are now offering it.
Meanwhile, the official Microsoft patch will not be ready until 10 January.
It will need to stop WMF bug files helping hijack PCs. Discovered on 27 December, bug files can be launched if users visit booby-trapped websites or open malicious email attachments.
But Microsoft played down the seriousness of the security problem, stressing it had been "monitoring" attempts to exploit the bug.
"Although the issue is serious and the attacks are being attempted, Microsoft's intelligence sources indicate that the scope of the attacks is limited," the software giant said.
Some 73 variants of the WMF bug have been detected across the globe in recent days, but almost every anti-virus programme is now equipped to block the dangerous files.
However, security researchers remained concerned about the bug. The problem is caused by the way that many versions of Windows treat graphics, meaning the bug can exploit shortcomings in this Windows system.
Vulnerable versions of Windows include ME, 2000, XP and Server 2003.
[Copyright Expatica News 2006]
Subject: Belgian news