Zero-day holiday
Kelly Martin, 2006-01-04

A few hundred million Windows XP machines lie vulnerable on the Web today, a week after a zero-day exploit was discovered. Meanwhile, new approaches and ideas from the academic world - that focus exclusively on children - may give us hope for the future after all.

Zero-day holiday 2006-01-04
Anonymous (2 replies)
Re: Zero-day holiday 2006-01-05
Kelly Martin (4 replies)
Re: Re: Zero-day holiday 2006-01-05
Jack
Re: Re: Zero-day holiday 2006-01-05
assurbanipal
Immoral, etc. 2006-01-05
Andrew Jones
Re: Re: Zero-day holiday 2006-01-06
Anonymous
Re: Zero-day holiday 2006-01-05
Anonymous
Zero-day holiday 2006-01-04
Nick
Zero-day holiday 2006-01-04
Anonymous
Zero-day holiday 2006-01-05
Matthew Murphy (1 replies)
incorrect 2006-01-05
Kelly Martin (2 replies)
Re: incorrect 2006-01-05
Not the original poster
There's one important point that you seem to be deliberately ignoring here; Blaster was a self propagating worm. What we're talking about here is a vulnerability with little/no scope for automatic propagation. User interaction is required for almost every infection vector.

Once a user's PC is compromised, it isn't able to automatically infect every other machine on the same network in the way Blaster, Sasser etc. were.

From a corporate perspective (which I acknowledge isn't the only relevant PoV here), incoming e-mail is typically filtered using heuristic scanners that will detect malformed WMFs, users aren't often able to download executable files from the web, users aren't normally logged in with administrative privileges, IM & P2P are most often banned, and desktop A/V will detect the well known backdoors that current exploits attempt to download.

Home users who routinely visit dubious web sites touting free software, movies and adult content are the only ones at any real risk, but they're always at risk given the number of web-browser oriented exploits in the wild. This vulnerability changes nothing.

We've all seen this sort of hysteria before when image processing vulnerabilities relating to JPEG, PNG and WM Files have been identified in the past. Nothing bad happened.

And as for reading what F-Secure and Symantec are saying - get real. Everyone knows you lot have a vested interest in pumping out this kind of FUD just to shift a few more subscriptions of your bloated and ineffective scamware. The anti-virus industry was historically responsible for fuelling the entire virus problem, and has done nothing useful to remedy things in recent years.

Where is Rob Rosenberger when you need him?

Link to this comment: http://www.securityfocus.com/comments/columns/377/32893#32893
Re: incorrect 2006-01-07
Matthew Murphy (1 replies)
thanks 2006-01-12
Kelly Martin
Zero-day holiday 2006-01-05
Anonymous
Zero-day holiday 2006-01-05
hhhobbit
Zero-day holiday 2006-01-05
horror_vacui
Zero-day holiday 2006-01-05
Anonymous
Zero-day holiday 2006-01-05
M. Amos
Zero-day holiday 2006-01-05
Anonymous
Zero-day holiday 2006-01-05
Anonymous
Not a real solution 2006-01-05
Mike Warot (1 replies)
Re: Not a real solution 2006-01-06
Khem C (1 replies)
Re: Re: Not a real solution 2006-01-07
Anonymous
Zero-day holiday 2006-01-12
Nicolas Falliere
Copyright 2008, SecurityFocus