Today's "You're an IDIOT" award goes to...
Anybody who embedded Robin Schuil's graphic into their blogs.
Info about the graphic:
<Cue Rick Springfield singing "Don't talk to strangers...."> No!! No Springstein!! Springfield!!
Seriously people... think about this... how hard would it be to replace an innocuous animated GIF with... say, a WMF exploit???
Have a look at the spread of this allegedly innocent prank:
For heavens sake people WAKE UP TO YOURSELVES!!!!
I don't know Robin Schuil... I've never met Robin Schuil.... therefore I don't trust Robin Schuil. You should not trust Robin Schuil.
Let me ask you something... what is the NUMBER ONE reason that viruses and malware spread so easily? Why are so many people infected with crap via email or freeware? (Fair warning - the first person to blame Windows will be hit over the head with my freshly charged flamethrower).
I'll tell you the answer - trust combined with naivity (aka Social Engineering). It simply doesn't occur to us that some complete stranger who is offering something that *looks* fun or funny could possibly have an ulterior motive.
"Ah, but its a GIF, not a WMF" I hear you say.... well, check this out from the Security Bulletin for the WMF exploit:
"The only image format that is affected is the Windows Metafile (WMF) format. It is possible, however, that an attacker could rename the file name extension of a WMF file to that of a different image format. In this situation, it is likely that the Graphics Rendering Engine would detect and render the file as a WMF image, which could allow exploitation."
Ok, so I'm not saying that Robin Schuil is a bad person; I'm not saying that this particular case is an attempt to infect the world by stealth.
What I *AM* saying is that we have to grow up - social engineering is how the bad guys spread. Trust is how the bad guys spread. Did *anybody* who added this script to their Blogs ask themselves what they know about Robin? Did any of them ask what would happen if virus.gif was replaced with virus.wmf? Don't fool yourself into thinking that renaming a WMF file as GIF will stop an exploit from working.... MIME handling enforcement wasn't introduced until XP SP2:
What do you think will happen *when* (not IF) a bad guy followed Robin's lead and used the same innocent "this is fun" trick to convince people to help spread malware or crapware?
Edit: Something else occurs to me. When I last checked Robin was publishing links to pages that have added a blogworm; any one of those sites could take the opportunity to use the gif as a lure and embed a security exploit on their page.