Sip Posted September 28, 2004 (edited)

Yah you heard me! Virus or trojan from just viewing a JPG image

Microsoft Security Bulletin

Here is some info about it.

Hackers work out SP2 JPEG virus

AS WE PREDICTED last week after a weekend free time, hackers have come up with a method of exploiting the latest hole in Microsoft Windows. A proof of concept virus has been posted here. Since it is a security site that have published the code the Shellcode and valid addresses have been removed to protect the innocent.

The code is interesting because it can open a command window within Windows and run arbitrary code, something the buffer overload programs we saw last week could not do. Security experts predict more dire doom coming from this particular windows bug. Although much of it can be stopped by Windows SP2 upgrades, it also requires the more modern versions of Outlook and Office. Patches for the JPEG vulnerability can be found on the Microsoft Web site.

Some more here

Corrupted porn pics expose Microsoft hole

Jpeg vulnerability spread wide open on news groups.

By Paul Roberts, IDG News Service

Hackers are targeting porn news groups with jpeg images that exploit the recently discovered hole in Microsoft software. The images are the first evidence of public attacks using the critical flaw, which Microsoft identified and patched on 14 September. Users who unwittingly download the poison images could have remote control software installed on their computers that gives remote attackers total control over the machine, experts have warned.

The images have been posted on a variety of news groups where visitors post and share pornographic images, including "alt.binaries.erotica.breasts". Someone using the e-mail address "Power-Poster@power-post.org," according to Bugtraq and on Easynews.com, was responsible.
The corrupted images are indistinguishable from other images posted in the group, but contain a slightly modified version of recently released exploit code for the jpeg vulnerability which appeared over the weekend, according to Johannes Ullrich, chief technology officer of The SANS Institute's Internet Storm Center.

Like other exploits for the vulnerability that have appeared in the weeks since Microsoft released its patch, the so-called "Jpeg of Death" uses a jpeg image file formatted to trigger an overflow in a common Windows component called the GDI+ JPEG decoder, which is used by Windows, Internet Explorer, Outlook and many other Windows applications.

When opened by users, the infected JPEGs try to install a copy of Radmin, a legitimate software application that allows users to remotely control their computers. In this case, however, the program is being used by the remote attacker as a Trojan horse program. Infected Windows machines are also programmed to report back to an IRC channel, Ullrich said.

...

So get your windows updates before the MAC guys and gals have any more chances to make fun of you!

Edited September 28, 2004 by Seapahn

hytga Posted September 29, 2004

that's definitely smart. whoever thought of that?

Armen Posted September 29, 2004

"whoever thought of that?"

I think those who will make a big amount of money out of the whole thing

sev-mard Posted September 29, 2004

Yeah this is crazy stuff. There are always going to be some kind of loopholes when dealing with computers and the like. And what hacker wouldn't want to do damage to the Gate Keeper. He's such a big target these days, feel sorry for him? Naww.....he's got 48 biiillliiiiiion reasons why we don't need to feel sorry for him. lol

bellthecat Posted September 30, 2004

"Security experts predict more dire doom coming from this particular windows bug. Although much of it can be stopped by Windows SP2 upgrades, it also requires the more modern versions of Outlook and Office."

A bit misleading, it is the virus that needs the more modern versions of Outlook and Office. Those of us that are still "struggling" along with windows98, office 2000, explorer 5.5, etc, are unaffected by it all.

DominO123 Posted September 30, 2004

"windows98"

What is a windows98... this word sounds familiar in my memories of a distant past.