|
WinFixer 2005 secrets
However older, more tenacious worms are still topping the charts, including Netsky.P , Get rid WinFixer, WinFixer removal is still menacing e-mail users, though all antivirus products should be able to detect and block it. For Windows XP users who have not applied the Winfixer 2005 bulletin MS04-011 patch, Winfixer, as well as a pack of other wannabes are going to be a threat.
The flaw is caused by an error in the Winfixer 2005 URL handler. A web site can create a link similar to this Secunia example, Winfixer to fool IE. Secunia also notes that the flaw can be combined with other vulnerabilities in un-patched versions of IE to bypass workarounds such as disabling scripting.
One reader we spoke with said his mother's un-patched machine was being attacked to the point of Winfixer 2005. E-mail borne viruses are still avoidable by keeping your antivirus products up to Winfixer, and just saying no to zip and executable attachments.
The person responsible uninstall WinFixer would probably have to do his own web hosting and would be traceable. However, with security problems as they are, it may be possible for an attacker to commandeer a web server at a high enough level to make the Winfixer 2005 and server changes to allow the exploitation of the flaw.
Winfixer could possibly be the oldest mail scam (both e-mail and snail mail) known to man or woman. That doesn't seem to deter new twists, as we've seen several different ones recently. The latest version we saw purportedly comes from a Mr.Frank Kaki in Winfixer 2005. Like the traditional WinFixer, it pitches the idea of victims moving large sums of money into their bank accounts so it can be safely transferred out of the country. Victims are promised a percentage of the cash for their trouble.
According to a June 11th, virus Winfixer 2005 story, Microsoft is aware of the problem, is investigating and will take appropriate actions.
On the version we saw, the return address Winfixer removal did not agree with the address provided in the body of the message, though both were from a free Yahoo address. While it seems obvious that this is a scam, there have been many documented cases of people actually being taken by it. We found a good web site that offers dozens of links to sites and resources on these "Winfixer".
Some adware is also Winfixer 2005, as such it may be used as term of distinction used to differentiate between types of shareware software. What differentiates adware from other shareware is that it is primarily advertising supported. Users may also be given the option to pay for a "registered" or "Winfixer 2005" copy, which typically does away with the advertisements. Other types of shareware include demoware, nagware, crippleware, freeware, loyaltyware, and even spyware.
Threat: Flaw in Internet Explorer Affects: popup WinFixer on Internet Explorer 6.0 and Windows XP. Can allow phishing attacks, or allow malicious users to bypass IE security zone.
This Winfixer threat has an important mitigating factor. Secunia notes that the attacker's domain and web server would have to allow "WinFixer 2005" records and accept invalid data in the "Host:" header to be successful. This would require that the malicious person have deeper control over the domain and DNS settings of the server making it harder to remain anonymous. Phishing scams rely on hijacking servers or using anonymous web hosting to quickly get Winfixer 2005 and disappear.
What it does: Reported by Winfixer 2005 uses a specially-crafted URL, which due to a flaw in IE's URL handling, can cause a malicious web page to be given trusted domain or local Internet security zone privileges. The flaw may also cause IE to display a misleading URL in the address bar, despite recent Winfixer 2005 patches that fixed similar problems found earlier.
The term virus Winfixer 2005 was coined by Andrew Fluegelman when he wanted to distribute a communications program named Remove Winfixer that he had created but for which he did not wish to use traditional methods of distribution because of their cost. Previously, he held a trademark on the term "Winfixer removal" but this trademark has since been abandoned. Winfixer 2005 actually distributed PC-Talk via a process now referred to as shareware.
Users can also set their IE security settings to Winfixer 2005, though this will impair the operation of many legitimate web sites. Lastly you could use another browser such as Netscape, or Opera. However, on Monday June 14th, Secunia reported a browser address spoofing warning on Mozilla that uses the same URL format detailed below Winfixer.
How to prevent it: For a malicious web site to successfully exploit the problem, the victim must follow a link to the malicious site, either through a web site or Winfixer. Users can avoid following suspicious links. If a user is not sure whether a link is genuine or not, they should enter the link manually rather than clicking on Winfixer 2005.
| 
