News about what is happening in technology today!

MessageLabs, the e-mail-filtering provider for the U.K. government, told ZDNet UK that targeted e-mails were sent to various individuals within government departments in an attempt to take control of their computers. The e-mails harbored an exploit for the Windows Meta File vulnerability.

The attack occurred over the Christmas period and came from China, said Mark Toshack, manager of antivirus operations at MessageLabs, who added that the e-mails were intercepted before they reached the government’s systems.

“The attack definitely came from China–we know that because we log the IP addresses. The U.K. Government was targeted but none (of the e-mails) got through. No one was affected. They were attacked, but they (the government) didn’t know about it until we told them,” Toshack said.

The vulnerability with the way that WMF images are handled by Windows was discovered in November 2005. In a WMF attack, exploit code is hidden within a seemingly normal image that can be spread via e-mail or instant messages.

Read more

Mark Russinovich, an independent Windows security expert, has analyzed the Windows Meta File vulnerability and suggestions that it might be an intentional back door.

“Steve Gibson (of SpinRite fame) proposed a theory in his weekly Thursday-night podcast last week that, if true, would be the biggest scandal to ever hit Microsoft–that the WMF vulnerability that drew so much media attention last month is actually a back door programmed intentionally by Microsoft for unknown reasons,” Russinovich wrote on his blog Wednesday.

“I finished my analysis… over the weekend. In my opinion the back door is one caused by a security flaw and not one made for subterfuge,” Russinovich wrote. “Given a choice of believing there was malicious intent or poor design behind this implementation, I?ll pick poor design… I’m convinced that this behavior, while intentional, is not a secret backdoor.”

He also provides a technical look at the WMF issue and Gibson’s claims.

Microsoft last week also discussed the problem and said it was not an intentionally created back door.

Steve Gibson alleges that the WMF vulnerability in Windows was neither a bug, nor a feature designed without security in mind, but was actually an intentionally placed backdoor. In a more detailed explanation, Gibson explains that the way SetAbortProc works in metafiles does not bear even the slightest resemblance to the way it works when used by a program while printing. Based on the information presented, it really does look like an intentional backdoor.

CNET News.com and ZDNet News report that security attacks over instant-messaging (IM) networks became more prevalent in 2005, according to a new study. MSN experienced the largest number of IM security incidents in both 2004 and 2005, while year-on-year incident growth rates were largest on AIM.

After less than a four days after original mailing list posting there are reports about a new Instant Messaging worm exploiting unpatched Windows Metafile vulnerability. This worm is using MSN to spread, reports Viruslist.com.