FYI: Windows JPEG exploit found in the wild

[Mr T.]

Tuesday September 28, 12:28 PM

Windows JPEG exploit found in the wild
By Ciaran Buckley

Less than two weeks after it was announced, hackers have exploited a Windows XP JPEG vulnerability and are spreading a virus through adult content newsgroups (which can mean everything from interest group forums, to financial updates to porn sites).

On 14 September, Microsoft (NASDAQ: MSFT - news) released Security Bulletin MS04-028, which warned that because of a problem with the way that Windows handles JPEG image files, malicious code could be executed on a user's machine if they simply viewed an ordinary image file. Because Microsoft's Internet Explorer browser is vulnerable, users could be attacked just by visiting a website that has affected images.

Within a week, malicious hackers had developed a proof of concept and software development kit (SDK) for others who wished to write a virus to exploit the vulnerability. A virus is now loose on the internet, having been posted to an adult content newsgroup with a JPEG extension.

"What's important for people to understand is how quickly after the bulletin is published that viruses are out in the wild," said Conor Flynn, technical director of Dublin-based Rits, speaking to ElectricNews.Net. "This is a difficult virus to stop, because not many people have web-based scanning at the perimeter and it can go straight from your browser to your PC."

The virus is a Trojan, which makes the computer available to the hacker as a drone or "zombie," which means that it could be used to forward spam onto other users, or to bombard websites in a distributed denial of service (DDoS).

The virus is also able to access information on the user's computer, including software license keys, credit card details or other confidential information. If the computer is on a network, then the virus will have access to all of the shared drives and could spread throughout the LAN.

Flynn advises users to install the patch for the flaw, which can be downloaded from Microsoft's site.

"People are patching the vulnerability, but they're doing it very slowly," said Conor Flynn. "People should download patches before they open Internet Explorer, people need to get into a new routine."

As a general rule, internet users should install anti-virus software and keep it updated and should configure a firewall to stop intrusions from the web, Flynn added. "The top three or four anti-virus programmes do a very good job if you keep them up to date," he said. "The Windows firewall is average, but there are firewalls like Symantec (NASDAQ: SYMC - news) , Tiny and ZoneAlarm which are very good and some of them are free for home users."

[abucksdiver]

Bren,
What was the source of this article?

Thanks
Andrew

[PeteM]

Quote:

Originally Posted by abucksdiver

Bren,
What was the source of this article?

Thanks
Andrew

http://www.f-secure.com/v-descs/ms04-028.shtml
http://antivirus.about.com/od/securi.../a/jpgflaw.htm
http://www.infoworld.com/article/04/...exploit_1.html
http://www.techimo.com/newsapp/i12028.html

[Mr T.]

Quote:

Originally Posted by abucksdiver

Bren,
What was the source of this article?

Thanks
Andrew

Sorry for the delay in coming back Andrew - here ya go:

http://www.enn.ie/frontpage/news-9555765.html

[JohnK]

If I understand it right, anyone with XP and SP2 should be OK ????

[Andrew H]

JPEG exploit? For heavens sake how many holes are there in this OS? Of course if you apply SP2 then that will break.....

Andrew

[abucksdiver]

Thanks Bren,
Being "in the industry" I need to quote the source before discussing issues like this!

Regards
Andrew