Computerworld
Home News Blogs ReviewsWhite Papers Newsletters IT Careers

resource center


Ads by TechWords

See your link here

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 
 

Print edition

Hackers lurk in AMD Web site

Forums were compromised and used to spread a WMF exploit

By Robert McMillan
January 30, 2006 12:00 PM ET
Recommended
(0)
Digg
Share/Email

IDG News Service - Users of Advanced Micro Devices Inc.'s microprocessors may want to think twice before looking for technical support on the company's Web site. Customer support discussion forums on the forums.amd.com site have been compromised and are being used in an attempt to infect visitors with malicious software, an AMD spokesman confirmed Monday.
The problem was first reported Monday in a blog posting by Mikko Hypponen, manager of antivirus research at F-Secure Corp. in Helsinki. As of Monday morning, AMD technicians were still working to resolve the problem, according to AMD spokesman Drew Prairie.
Because AMD had just learned of the problem, Prairie could give few details on how the site was compromised or when AMD expected to have the issue resolved. "It's being worked on and corrected," he said.
According to F-Secure's Hypponen, attackers are exploiting a widely reported flaw in the way the Windows operating system renders images that use the WMF (Windows Metafile) graphics format. This flaw was patched on Jan. 5, so users who are running versions of Windows that have the latest patches installed are not at risk, he said.
Attackers have figured out a way to use AMD's forums to deliver maliciously encoded WMF images to visitors, which are then used to install unauthorized software on the unpatched systems, he said.
In this case, the software appears to be a number of different malicious tool bars. "Most of the tool bars show pop-ups, follow your search and other keyword activity, and use that to target ads to you," Hypponen said. "It's for-profit hacking. Somebody is making money from each machine that is hit by these tool bars."
Because of the nature of the WMF vulnerability, however, hackers could install any type of software they wanted on unpatched systems, he said.
How the attackers were able to compromise the AMD forums is unclear. Hypponen said that the AMD server could have been hacked, but that the problem could also be due to an intrusion at an AMD partner Web site or at an ISP, he said.
These kind of WMF exploits have already been seen on a number of Web sites, but AMD is the most high-profile victim, Hypponen said. Because users tend to trust content being served by known Web sites like AMD, the hack is particularly troublesome, he added.
Ironically, AMD Web site visitors who are using chips that support the new DEP (Data Execution Prevention) feature, which prevents software from running where it doesn't belong, are probably protected from the WMF malware, Hypponen said."If you are running an AMD processor with DEP enabled, it likely protects you from the vulnerability that hit you from the AMD site."


Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.

Recommend Digg Twitter ShareThis
Email Print Send Feedback Reprints

Additional Resources

POLL RESULTS
Leading IT Pros Weigh In on Top IT Issues
Accelerate your knowledge of the IT world you inhabit by viewing the results of a series of polls taken by your IT peers. These polls of 100+ IT professionals each are available for full viewing. They cover key topics such as virtualization, processor performance, green IT, cloud computing and many others. Be a part of the buzz.
WHITE PAPER
For Best Results, Think Beyond the Box
Technology is complex. Keeping it running productively shouldn't be. To that end, you want to minimize the number of solutions needed in-house to simplify operations, maintenance, and support. Kodak offers a best-practices model. One company provides support for both scanner and software, for fast problem resolution without vendor finger-pointing. Download now!
WHITE PAPER
Accelerating the Path to Demand Intelligence with a Demand Signal Repository
Utilizing demand intelligence improves the precision of pricing, product assortments, channel/store placement, and promotion, which are all essential for sustainable revenue management performance. Learn more, download this free whitepaper today.

White Papers & Webcasts

How Controlling Access to Privileged Accounts Can Keep Insider Threat from Hurting Your Bottom Line
This white paper explores insider attacks and insider risk, and shows how to control them by controlling and monitoring access. The paper describes...  

Usability Is Everything
Learn what sets Workday's HR and Payroll solutions apart from the competition....

Military Uses Bit9 Parity to Defend Against New Generation Attacks
When a military organization faced an exercise, in which there was an attempt to breach and infect the network, they decided to use...  

The Value of Real SaaS at Workday
Cost savings, speed to value, and innovation brought to the enterprise by Workday's software-as-a-service solutions for HR and Payroll....

Eliminate Spam, Gain Productivity
In this exclusive whitepaper, learn all about the dangers of spam and the cost to your business....  

SaaS at Flextronics, Inc.
Dave Smoley, CIO of Flextronics, discusses the real value of software-as-a-service and why he chose Workday for his HR solution....

Accelerate SSL Encrypted Applications
The amount of SSL traffic is growing in the enterprise. Because it is encrypted, it cannot be properly controlled and accelerated. Blue Coat...  

Why Compliance Pays
This OnDemand webcast explores the relationship that firms with best compliance records have higher revenue, greater customer retention, lower financial losses from data...

ESG Lab Field Audit
Many companies have successfully implemented Riverbed WAN optimization solutions within their Cisco networks. This ESG Lab Field Audit document explores the success that...  

Agile Enterprise Content Management (ECM) for Rapid ROI
Find out how combining ECM and BPM will help adress issues about content rich business processes....

All White Papers | All Webcasts

Computerworld Reports

An Interactive eBook: Enterprise Security

The Business Case for Server Virtualization

Computerworld Technology Briefing: Intelligent Users Use Business Intelligence

All Computerworld Reports
 

Symantec Report on the Underground Economy
The Symantec Report on the Underground Economy examines activity on underground economy servers observed by Symantec between July 1st, 2007 and June 30th, 2008. It includes analysis and discussion of the goods and services advertised, advertisers participating in the economy, the servers and channels that host the trading, and a snapshot of piracy activity observed.
Download this white paper 
Data Loss Risks During Downsizing
With the dramatic increase in lost jobs, companies should be aware of the possibility that these employees may be walking off with their sensitive and confidential data. An independent study done by the Ponemon Institute surveyed employees leaving their jobs and taking company data with them. This type of data loss problem may be putting companies at risk for a potential data breach. This study will help you to understand what employees are doing with the data on the laptops their employers provided them.
Download this white paper 
3 Steps to Protect Confidential Data on Laptops
Learn how to avoid being part of the one-third of security breaches that occur due to laptop theft. This report outlines specific steps to help you secure confidential data and minimize the impact of data loss resulting from stolen or missing laptops.
Download this white paper 
Managing Spend on Information Security and Audit for Better Results
The benchmarks conducted by the IT Policy Compliance Group show almost all organizations have financial incentives exceeding 100 percent to make improvements to reduce financial risk from data loss, downtime and regulatory audit. This report includes findings covering the principal operational outcomes being experienced by organizations, financial risks, losses and returns, and the practices making the most difference to control risks, reduce costs, and improve results.
Download this Report! 
About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures
IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.