Results 1 to 2 of 2

Thread: Windows XP users: Don't press F1

  1. #1
    Join Date
    Oct 2009
    Posts
    3,978
    Satfix Buxs
    3,040
    Thanks
    256
    Thanked 132x in 49 Posts

    Default Windows XP users: Don't press F1

    C & P
    By Christopher Null, yahoo.com

    If you're browsing the web today and see a notice that you should press the F1 key (the traditional button used to get "help" in any application), don't do it.

    Microsoft is warning of a brand new exploit that can cause computers running Windows XP and using the Internet Explorer web browser to become infected with malware at the push of a button: Specifically, the F1 button.

    The flaw is part of the way Visual Basic and Windows Help are implemented within IE, the upshot being that a clever hacker can code a dialog box that will allow the running of any code the hacker wants. Traditionally this means installing any kind of malware or virus on the victim's PC that a hacker desires.

    The good news is that this exploit isn't extremely dangerous because it does require user interaction to install itself. Unlike some recent exploits, merely visiting an infected website won't cause harm to your computer: You actually have to "push a button" to be affected.

    The bad news is that the F1 button has always been seen as harmless, more so than simply clicking "OK" on the average prompt you might see. When dismissed, the prompt can also be coded to pop up repeatedly, so getting rid of it might not be simple.

    Microsoft is advising users that, until a patch can be written and released, users are advised not to press the F1 key while web browsing. No matter how many pop-ups and alerts a user receives, as long as F1 is not pressed this attack will not succeed.

    Microsoft has not announced a timeline for the fix, but its next patch release is due on March 9. Hang tight, but don't ask for "help."
    .
    .
    .




    FORUM RULES

    Please don't PM me if not site related issues. PM'ing Staff with setup questions is against Rule#7
    If you can not say something nice then say nothing at all.

    .

  2. #2
    BiGBoYFTA2000 Guest

    Default

    Good good info bro,thnk you

    more info C/P
    The flaw has been found in systems running Windows 2000, Windows XP, and Windows Server 2003. Microsoft says the issue is tied to the way that Visual Basic Scripting, or VBScript -- which is used for executing functions found in web pages -- is linked with Windows Help files.
    Fake Dialog Box Requests Users Hit F1

    In the case of an attack, a victim using Windows 2000, XP, or Server 2003 would only need to visit a malicious web site where a dialog box would be presented, enticing users to press their F1 key. Once the key is pressed, the system is hijacked and malware is installed on the computer. (Source: pcworld.com)

    Typically, the F1 key is used to initiate the help function, so a play on this scenario may be employed by the hacker(s) involved in such a scheme.

    Users who've upgraded to more recent versions of Windows, including Windows Server 2008, Windows Vista, and the new Windows 7, will not be affected by the vulnerability.
    Microsoft Provides Workarounds

    Microsoft has provided a security advisory that outlines a number of workarounds for users of Windows XP or Windows 2000.

    The first and most obvious is to not hit the F1 key when prompted by any web site, since this is rarely a normal procedure when visiting a website. Secondly, users can restrict access to the Windows Help System, and they can also set their security settings to "high" in order to block ActiveX Controls and Active Scripting associated with the ploy. (Source: cnet.com)

    If users come across a site that asks them to click F1, it is recommended to use the Windows Task Manager by pressing CTRL + ALT + DEL on the keyboard, then select the Internet Explorer task using the mouse, and end it by pressing the DEL key.
    Last edited by BiGBoYFTA2000; 03-04-2010 at 01:09 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •