Thursday, September 21st, 2006

public service announcement: vml vulnerability

Similar to the WMF vulnerability in Windows exposed earlier this year, there is a new vulnerability in the handling of VML files. F-Secure has an article on how to protect your system, which involves unregistering the vgx.dll component.

F-Secure states that: "VML is a description format for browsers to draw vector graphics. Not too many websites use this format today - but rather display plain images." While this is true, there is one rather popular application that does in fact use VML: Google Maps (at least, when you're using Internet Explorer).

Google Maps uses VML in Internet Explorer to draw line segments when using the route-finding features. For an example of a map that fails to display lines after unregistering vgx.dll, see my southwest USA travel map from our trip last year. There should be lines on the map tracing the route we drove. It is worth noting that for browsers other than Internet Explorer, Google Maps uses a more intensive server-side solution - it generates a mostly transparent PNG overlay file on the Google Maps servers, and overlays that on top of the map.

Of course Microsoft already has a fix for this, but the patch release is not scheduled until the next Patch Tuesday, 10 October. It will be interesting to see whether we see a rapid rise in exploit code between now and then (like we did for the WMF vulnerability).

Tuesday, January 31st, 2006

public service announcement: nyxem.e

The Nyxem.E virus is due to hit in a couple of days. This one has been infecting computers through mass-mailing, disables anti-virus software, and will start destroying files (DOC/XLS/PPT/ZIP/RAR/PDF/MDB) on hard drives on 3 February (and, I think, every 3rd of the month thereafter).

F-Secure has a free disinfection tool called F-Force that will scan your computer for some of the worst of the worst viruses, including this one. I'd recommend downloading it and running it if you have a Windows machine (be sure to read the included instructions as you will need to download another zip file too).

Personally, I haven't been hit by a worm or virus or found any spyware on my machine in the last 15 years or so that I've been using Windows. I consider this partly due to luck and partly due to a high degree of familiarity with what my computer ought to be doing at any given time (being a programmer, I've learned to watch for anything unexpected because it might be one of my programs that's got a bug). Nevertheless, I don't consider myself immune and I'm running F-Force right now.

Remember, this virus is destructive. If you have it and the 3rd of the month rolls by, you will lose a lot of files you probably wanted to keep.