Handler on Duty: Rob VandenBrink
contact us
contact us
Your session is about to expire. Please reload or submit to avoid getting logged out.
| !@#$ My wife was on the computer and left me a "Present" |
| Keeping fingers crossed... |
| 4 systems: 2 re-imaged; 2 cleaned by clearing IE cache |
| We've seen six clients impacted out of 25,000 |
| I've followed the prudent ISC advice... |
| It is not a matter of if, but when. |
| And what the *blank* is Microsoft thinking by posting such irresponsible verbage? "...scope of attacks are not widespread." That's a BIT misleading. :( |
| "The future, according to Microsoft, is a wonderful, safe, chocolaty place." is my favourite quote now ^^ |
| Another reason I have a mac. |
| all linux-based computers in this house |
| Applied unofficial patch and deregistered DLL. I'm so glad we're a 90% UNIX house. |
| Bit worried about this, i cant authorise us to roll out the unaficial patch's. but ill end up with then work if we get hit. Why are Mr gates and crewe so untoucable? |
| We followed your advice and prepared. |
| Now I am afraid to use the internet unti next week. |
| AV caught 1 exploit but another one got though |
| so far to date we have received close to 1200 emails containng malformed images |
| switched to MEPIS/Debian Linux just prior to the vulnerability became public. |
| and all available "patches"/quick fixes have been applied, including proxy |
| Applying the patch before we see anything come up. |
| We have a large network. We saw activity almost immediately. |
| But I'm sure I will between now and Jan. 10 |
| Avast Free Version. |
| two workstations |
| User education has been key!!! |
| Yes, I have been impacted. I just read Tom Liston's "Oxy-morons" article and fell off my chair because I was laughing so hard. I am sending this via my Blackberry while enroute to the hospital in an ambulance. |
| Not that I know of. |
| Users have it at home |
| Not a single instance. Knock on wood! |
| Only Linux and Macs in here. :D |
| Antivirus and Intrusion Prevention Systems blocked the exploit |
| and sure hope responding to this survey will not jinx me!!! ;-) |
| Used Ilfak Guilfanov path on 3000+ systems |
| All personal/home machines running Ubuntu 5.04/Ubuntu 5.10; not vulnerable. |
| Used the unofficial patch; Now have M$soft's installed |
| and suddenly all the hassle of running Linux on a desktop became worth it |
| I purposely infected a vmware session to see what it would do. It was very ugly. |
| But I do have the MS patch now. |
| Very nasty.... sales guy got infected while reading a respected news site. Installed so much stuff we gave up and formatted the box. It was up to date on definitions and patches. |
| Using Windows 2000 (and un-registrated the DLL) |
| Aren't you all tired of Windows yet? |
| 350 systems down.Thank you MS - board says we go all Linux by Q3/2006 |
| Not even sure if I'd know if I got it. |
| 16 systems since sept. 9th - no one listened !!! |
| SANS is irresponsible for endorsing an unofficial patch! |
| 5 out of 7 sites with nearly 60 desktops affected. Far too late on the patch from Microsoft, |
| Does OSX count as a "other defenses"? |
| But patched over a hundred systems Jan. 2. |
| "How does one spot an infected PC?" Trust me, you'll know |
| A user was fooled by a fake greeting card and admitted that they deleted the advisory sent by the IT security staff and further dismissed the antivirus popup without reading it |
| Applied the WMF fixes Jan 3rd. |
| Also add FedoraCore4 and Mozilla to 'other defenses'? |
| Yet is the important word here :) |
| Believe it or not, my ClamXav antivirus program on my Mac PowerBook running OS X 10.4.3 caught it before I could load it. |
| thanks for the fix |
| Awful protection saved me http://forums.somethingawful.com/showthread.php?s=&threadid=1759903 |
| I've had firefox ask me what to do with WMF files. |
| Accessed the test exploit from the blog. Was blocked by ISS Proventia Desktop. |
| Nothing yet. |
| customers home system |
| Announce BOT on IRCnet tried and failed |
| That we know of |
| AV and IPS blocked this |
| Yes, but it was on an emulated machine so it didn't affect us |
| Viewing an image on Google Images |
| So far, the spam filters are about the only thing to have seen it. |
| 2 out of 200 were hit. Nasty. |
| amazing that MS only took 4 times as long to develop a patch as a single individual... |
| Blocked by our ISS G400 IPS |
| 4 systems today, University |
| VM infected. Backtrace completed, jonkman rules loaded for bleeding-snort!! |
| We have about 5000 windows pc in our environment and we haven't seen a single one. |
| av reported the infection but not sure if it blocked it |
| so far, >100 hits |
| Symantec Antivirus Corporate Edition identified it as Bloodhound.exploit.56 |
| Firefox with BitDefender 9 saved it. Firefox blocked it and my AV deleted the file downloaded to me |
| Used Ilfak's Patch |
| ... but I installed the hotfix just to be on the safe side. Thank you! |
| aol client mishap |
| But how would I know if I'd been hit? |
| How does one spot an infected PC? |
| had to reinstall windows to fix |
| not vulnerable to wmf |
| we are 100% linux |
| Just a matter of time. |
