The attack was dreamt up by security expert Sam Kamkar who demonstrated at the Black Hat hackers conference a website exploiting common shortcomings in a router to reveal it’s real-world location.

He tricked the router into believing the request for it’s ID information was coming from the connected PC, not from the Internet.  He then used the revealed MAC address with a geo-location feature in Firefox to interrogate the database Google gathered when it made its Street View photographs.

The data, which was controversially gathered, linked the MAC addresses of routers to GPS co-ordinates.  “This is geo-location gone terrible,” said Mr Kamkar during his presentation. “Privacy is dead people. I’m sorry.”

Mikko Hyponnen, senior researcher at F Secure called the demonstration “very interesting” adding that such a technique could be used for “stalking or targeted attacks against an individual”.

“The fact that databases like Google Streetview’s Mac-to-Location database or the Skyhook database can be used in these attacks just underlines how much responsibility companies that collect such data have to safeguard it correctly.” said Mr Hypponen

In 2005, Mr Kamkar created a work that helped him gain more than 1 million MySpace friends in a single day.

Microsoft has reported it’s seen more than 10,000 PCs hit by the attack so far and it’s still not been able to find a fix for the problem.

The effect of the vulnerability can give hackers complete control over a PC.  It initially came about when a Google Engineer discovered it was possible to exploit Windows XP’s ability to send and receive remote help from another computer.

Initially, Microsoft said it only saw “innocuous” attacks by a few researchers but now hi-tech criminals are exploiting it as well.

Writing on the Microsoft Security Centre blog, Holly Stewart said it had started seeing “seemingly-automated, randomly-generated” web pages that host the exploit.

A senior security researcher at Trend Micro, Rik Ferguson, said  ”It’s certainly very serious and is now being actively exploited by what appears to be several different groups as you can see form the multiple payloads being delivered.” and Carole Thierault, senior security consultant as security firm Sophos has described the attacks as a “nightmare”.

Microsoft is still working on a fix for the problem but Engadget have reported that…

Microsoft says the only current work around to the issue is to Unregister the HCP Protocol which disables hcp:// style links

The vulnerability does not affect Windows Vista or Windows 7.

Windows XP and Windows Server 2003 users can read the following guide to find out how to protect their system from the attack: Windows XP And Windows Server 2003 Zero-Day Vulnerability

Many file and image hosts filter dangerous file types. If you tried to upload a Jar file to most of them you would get an error message stating that the file type was not supported. Many however fail to analyze the file itself and simply reject files based on their extension which opens the door for this attack.

That’s a pretty dangerous exploit. Imagine someone who uses this to upload a new avatar to popular websites like Facebook or Myspace (two examples, I have not checked if the two use advanced upload filters). He could do all sorts of things with the Java Applet once users open up his profile page.

The only valid defense against this type of attack is to disable Java on the computer for the moment. Sun is already working on a fix although the researchers say that it is not Sun’s fault that this vulnerability exists.

Bkp also said that they know who did this but does not say how they know. He could be referring to IP addresses that they found, other traces or confidential information. They ask every user to change the password during their next login which is apparently happening automatically at the very moment. It remains to be seen if the encryption used to encrypt the email addresses is strong enough to withstand decryption.

You might be interested in which Windows editions are effected and which are not. It would also be nice to know if your browsers and e-mail clients are vulnerable and can be used to exploit the system. Vulnerable are Windows Vista, Windows XP SP2 and Windows 2000 SP4. Several other Microsoft operating systems are affected as well like Windows Server 2003 but I think the first three cover most Windows editions that my readers use. Exploitation happens completely silently.

Take a look at the demonstration video below. It shows how Windows Vista enters a endless Crash-Restart loop caused by a malicious ani file which was dropped on the desktop. Attacks will most likely occur over the Internet.

A security company has released a temporary fix for the solution until an official Microsoft patch gets released.