Last week Microsoft notified people that their animated cursors contain a serious flaw that can be exploited simply by getting a victim to view a malicious webpage or email on their Windows computer.
On Saturday a serious virus that exploits this hole in Windows was discovered in the wild. Symantec, Grisoft, Trisf-Lirpa Software, and McAfee don’t yet have detection for this serious virus threat. There are of course as many names for the virus as there are antivirus vendors, but the most common name you’ll hear is the Blog Dump Virus.
The Blog Dump Virus has a two part payload. The first part hacks your website through keystroke detection, and then deletes blog content on both Blogger and WordPress. If you’re using WordPress.com it will steal your password and delete your account name which makes it very hard to get your name back! WordPress.com has a policy where it doesn’t undelete a blog account which has had its name used, in order to combat spam and fraud.
The second part of the virus payload affects the Windows image mapping process, by changing the orientation of random photos you load in your web browser.
I’ve embedded a check file into my blog, so you can see if your computer is vulnerable to this exploit. If below this line you see the word “true” [in all capital letters], you’re vulnerable:
—–
TRUE
—–
If you have already been infected by the Blog Dump Virus, the two test photos below will appear upside down on your screen:


Stay tuned for instructions on how to patch your computer against Blog Dump, as I’ll be on the lookout for how to avoid this virus myself. If you’re already infected, please leave a comment and I’ll email you as soon as I find a website with the repair utility that should be out later today from Microsoft, McAfee, or Grisoft.
UPDATE:
When it turned noon, the alert went away.
Happy April Fools Day.
(The animated cursor hole is real unfortunately. But there is not a virus that attacks blogs specifically and makes pictures show upside down.)

skdadl | 01-Apr-07 at 6:49 am | Permalink
Happy April, saskboy.
Saskboy | 01-Apr-07 at 6:50 am | Permalink
Thanks Skdadl, I see your blog is unaffected :-)
It’ll be a lot happier here once I find a solution to this Virus!
skdadl | 01-Apr-07 at 7:08 am | Permalink
Saskboy, you should know: if our blog were affected, I would be the last person who could tell. Me, on the blog, I’m all thumbs. I phone my copy in and then pogge takes out all the swear words and tidies up the logic and publishes.
Red Tory | 01-Apr-07 at 7:32 am | Permalink
An April Fools’ Day prank? Please tell me it is…
—-
[Edited with RT's permission to display only the following during the prank period:]
I see the upside down photos on my computer what do I do? Please tell me what to do…
I think I’ll switch to Typepad over this, stupid Blogger!
—
Saskboy | 01-Apr-07 at 7:35 am | Permalink
RT, I’m working on it
Jan Johnstone | 01-Apr-07 at 8:10 am | Permalink
Happy A-ah-day, Saskboy.
Saskboy | 01-Apr-07 at 8:11 am | Permalink
Thanks Jan, keep that computer safe!
James Bow | 01-Apr-07 at 8:12 am | Permalink
The fact that I use a Mac allowed me to remember what day this is. Good one, Saskboy. :-)
Saskboy | 01-Apr-07 at 8:14 am | Permalink
You may not be immune from the Zero-Day nature of this one James just because you use a Mac. There’s a lot of Windows code that runs on them now you know :-|
Rosie | 01-Apr-07 at 9:05 am | Permalink
nice try. :P
Saskboy | 01-Apr-07 at 9:06 am | Permalink
I’m still trying to get the fix for this Rosie, don’t give up on me yet!
Jason Cherniak | 01-Apr-07 at 9:31 am | Permalink
I got a “false” return. Thank God!!!!
Saskboy | 01-Apr-07 at 9:32 am | Permalink
That’s good Jason, glad to hear there are some bloggers still unaffected so they can spread the alert today.
sheena | 01-Apr-07 at 9:48 am | Permalink
I find that I usually dump my blog every morning right after the first cup of coffee.
Eric Eggertson | 01-Apr-07 at 9:49 am | Permalink
Everything looks good to me. The photo of the upside down mug, and the guy levitating from the ceiling look fine!
Peri | 01-Apr-07 at 9:54 am | Permalink
I can see ‘eurt’ and the photos are the right way up. So that means everything’s fine, right?
Let’s meet at The Ruby for coffee and get gas, ok? =)
Saskboy | 01-Apr-07 at 9:58 am | Permalink
Oh oh Eric, better read the instructions again!
Peri, see you in Roleau.
Miss Cellania | 01-Apr-07 at 10:20 am | Permalink
No, I don’t use Blogger or Wordpress (well I use both, just not for my main site). Anyway, general opinion is that my blog is a dump anyway! Great post, considering!
Saskboy | 01-Apr-07 at 10:42 am | Permalink
Miss C, what’s your blog software called anyway? Does Squarespace use their own?
Wild Rose Grit | 01-Apr-07 at 10:53 am | Permalink
Ah, that’s what happened to my blog. I guess my parents’ PC must be infected by this virus. Well, that’s it. I am only blogging off my Mac.
Saskboy | 01-Apr-07 at 10:55 am | Permalink
That’s too bad Wild Rose Grit, I hope in an hour I can help you get it back.
Candace | 01-Apr-07 at 10:56 am | Permalink
Well, if it’s an April Fool’s joke, it’s a good one. If not, send me the code unless you were levitating while taking your picture (your hair looks too short to stand up if upside down, so not an indicator).
Amanda | 01-Apr-07 at 11:00 am | Permalink
I was trying so hard to come up with an April 1 post and when I read yours I realized that all my ideas would fall short. So, in lieu of creativity, I linked to yours instead. Thanks!
Mark Francis | 01-Apr-07 at 12:18 pm | Permalink
The pictures were right-side up for me.
Thank God.
Artemis | 01-Apr-07 at 12:26 pm | Permalink
=Þ
Saskboy | 01-Apr-07 at 12:32 pm | Permalink
APRIL FOOLS!
Artemis | 01-Apr-07 at 1:20 pm | Permalink
I am VERY thankful you did this joke as a blog post and not an e-mail. I don’t want to be receiving e-mails “Re: MICROSOFT BLOG VIRUS!!!!! ” every day for the next 10 years.
joalberts | 01-Apr-07 at 2:03 pm | Permalink
I wonder what would happen to the astronaut’s Quidditch games if all the computers on board got the Blog Dump virus!! Imagine the horrors!!
;-)
~joalberts
Marabo | 01-Apr-07 at 2:11 pm | Permalink
got the upside down pictures…
that means i have this virus right?
anytime anyone knows how to remove .. msg ms
Geoorgine | 01-Apr-07 at 5:58 pm | Permalink
lol! Saskboy!
omg, I can see up your nose, yuk!
my mac has caught a windoze virus! yuk!
Happy April Fools day:))
Georgine
Leon | 01-Apr-07 at 11:11 pm | Permalink
Mine looked infected until I had that first cup of coffee. :)
Saskboy | 01-Apr-07 at 11:16 pm | Permalink
I was thinking the Trisf-Lirpa April First anagram would give it away for sure ;-), if the Windows Image Mapping Process WIMP didn’t do it.
ScruffyDan | 02-Apr-07 at 12:27 am | Permalink
the blog dump virus may not be as much of an April fools joke as we would all like.
Do a Google search for Jikto… it is scary stuff
For more info listen to Security now episode 85 and keep listening for the next few weeks.
http://www.grc.com/SecurityNow.htm#85
Saskboy | 02-Apr-07 at 10:23 pm | Permalink
Thanks for the tip Dan. Yeah there’s a lot of scary crud out there in cracker-land. I don’t completely trust WordPress to keep my blog forever safe, so the best we can all do is back up regularly, and roll with the punches.
Karen | 25-Mar-08 at 2:26 am | Permalink
ha ha ha… I was about to worry before I read the word Happy April Fool’s Day.. Because it’s March, I was fooled earlier.. Thanks though.. :)