News today: Don't Panic

It would seem all that I was shouting about and had people shuting back at me for being chicken liken, seems to have unfortunately come to the attention of LL.

you only need to open someones profile for that page to begin to load and cache.... you didn't even need to click anything, you gave global permissions for anything to be loaded onto your system by opening up their profile!!!!

You misunderstand the issue... as I pointed out, if you open someones profile that has a webpage linked into the web tab of their profile, which also (for the purposes of example) includes background music, you will hear that music. All you have done is openned their profile, not even clicked on the web tab, yet this code delivering a music file onto your system, begins without intervention. How long do you think it will be before someone who does malicous things, is going to see this potential exploit in the client?

As the vast majority of the SL community rely on openning profiles, this requires attention.

Short term fix: Uncheck 'auto load' in the web tab of profile, do not allow cookies and or browser cashes to load onto your system via the SL client.

It would seem all that I was shouting about and had people shuting back at me for being chicken liken, seems to have unfortunately come to the attention of LL.

/128/2b/204030/1.html

I had asked this to be made sticky, but guess it wasn't hot news back then. Nobody likes to be right about bad news, but whats more painstaking, is that despite the overwhelming evidence I gave in the numerous posts I made, no one bothered to listen.

This 'latest' exploit, although historically ver very old, effects rstp, turning that off (assuming you don't have Vista which locks it all), should perhaps make you sleep soundly, but I wouldn't put that as a safety thing. If you already have a bit of maleware (and 95% of systems connected directly to the intenet (not behind a corp firewall from a intranet) are already infected), that is probably feeding/sharing off your connection as you read this post. Your chances of infection are greatly increased if you frequent a Web 2.0 website (MySpace, YouTube etc..). Anyone can place unchecked media onto a Web 2.0 website and piggyback exploits onto your system beneath your firewall, and past your virus checkers etc.
Some Tell Tale signs:
When you play media in the quicktime player, open a movie inspector window, and the desktop icons begin to flash and text becomes corrupt... thats an exploit taking advantage of the icon cache to compile itself.
When you play media files in the QT player, and you close the window, you get a message, 'buffer overrun'.... thats exploit code just finished using the buffer overrun memory to compile itself.
QuickTime starts complaining that formats like mp4, mp3, mov aren't native formats and crashes the player.
There are quite a few more besides.

What can you do?

1) Hold tightly to your butt....If this is the first time you noticed any of the above behaviours, restore windows by at least 30 days. Dumping ANY media you have downloaded in the past 30 days.
2) Grab a copy of this: http://www.grisoft.com/doc/download-free-anti-rootkit/us/crp/0 install it, reboot.
3) Uninstall all media players (including windows media player, it will roll back to the default version), emptying EVERY cache (including SL's) and cookies, history etc...
4) Make sure you always choose 'Custom' in the windows update, and install any software and hardware updates.
5) Cold reboot into Safe Mode (windows), run deep scans with virus checkers, anti-maleware etc.
6) Install fresh copies of your players, one at a time and always reboot between each install.
7) Don't run IE and FireFox on the same system, a certain exploit can use the cache of the one not being used, to gather information about you and your system.
Don't click on links in emails, you cannot tell if they are redirecting you until it is too late, IE will decypher the DNS of a link, if you paste it into the url box directly, always check the Status bar in IE, for the translated address from a link.
9) Windows again (sorry Mac and Lunix users), Control Panel, Firewall icon, open it and click the Exceptions Tab, UNCHECK EVERYTHING in there, except maybe.. SLVoice (try it without checking it).

If you want to know an easier way to become infected in SL.... the Web tab in anyones profile. You don't need to actually click that tab, just by opening someones profile, that has an active webpage, will be a easier way for someone to infect you. For a very few ppls, they have cute background music running from their index.html webpage, as soon as you open that page, the music begins to play, but wait... you only need to open someones profile for that page to begin to load and cache.... you didn't even need to click anything, you gave global permissions for anything to be loaded onto your system by opening up their profile!!!!
Imagine the music being malicous code.. you wouldn't hear it, and you don't think you gave it permissions to run on your system, but you did!
Forget the QT exploits, profiles are used daily by 99.9% of users in SL.

QFT???, whats that?