Virus writers focus on image bug - GoFuckYourself.com

DVTimes · 09-24-2004, 11:27 AM

A critical weakness found in many Microsoft programs looks like it is about to be exploited by virus writers.
The bug only came to light last week, but code is now circulating that could be used to attack vulnerable machines.

Some security experts said conditions were right to turn the bug into a widely exploited problem.

But others said there was still time to patch machines and ensure that virus writers were prevented from scoring a big success.

Picture problems

Microsoft issued a critical security alert last week telling users that there were problems with the way Jpeg images are handled by Windows and many other programs it makes.

The alert said that, theoretically, a malicious attacker could take over a vulnerable machine using a carefully crafted image that contained code to exploit the bug.

At the time the alert was issued, example code to exploit the bug had not been seen.

However, sample code written for the bug appeared earlier this week, leading some to speculate that a virus written to use it would follow soon.

The code was posted to a closed circulation security mailing list and a publicly viewable website.

This could mean that users find their machine under attack when they view images on the web or when their e-mail program previews images contained in messages.

"This is the virus equivalent of a harmonic convergence," said David Perry, from anti-virus firm Trend Micro.

He said all the conditions were right to make any virus that used the exploit code a big hitter.

"It's been a long time since the last major virus outbreak," he said. "That's a major factor. How many people have let their guard down?"

"Also," he said, "it's a big vulnerability and it affects a lot of different people and it would be easy to put on the web or any of a number of different things."

He said porn sites or those happy to spread spyware could be sources of virus carrying images.

No panic

He said one other reason for suspecting that a virus to exploit the Jpeg bug was imminent was the fact that the annual Virus Bulletin conference runs this week.

"There's almost always a virus released during the Virus Bulletin conference because all the virus experts are away from home," he said.

But Graham Cluley from anti-virus firm Sophos said there was no need to panic.

"At the moment no-one is exploiting the bug to deliver malicious code," he told BBC News Online. "It is purely being done as a 'proof of concept'."

He urged people to apply patches before a virus was written to exploit the bug.

"Microsoft has had its patches out for more than a week now," he said, "so home users who have switched to automated updates should already have downloaded the fix."

Security experts pointed out that machines patched with the SP2 update to XP, which closes many commonly exploited vulnerabilities, could be at risk from the Jpeg virus if they used other programs that still contained the loophole.

In all, more than a dozen programs are susceptible to the Jpeg exploit.

Advice from analysts Gartner said the Jpeg bug could be hard for companies to protect themselves against because most computers had several versions of the vulnerable component installed.

http://news.bbc.co.uk/1/hi/technology/3684552.stm

Fake Nick · 09-24-2004, 11:29 AM

emthree · 09-24-2004, 11:31 AM

From what I remember, you were allways able to do evil things with vbscript in a image format.

09-24-2004, 11:27 AM	#1
DVTimes xxx Industry Role: Join Date: Jun 2003 Location: UK Posts: 31,547	Virus writers focus on image bug A critical weakness found in many Microsoft programs looks like it is about to be exploited by virus writers. The bug only came to light last week, but code is now circulating that could be used to attack vulnerable machines. Some security experts said conditions were right to turn the bug into a widely exploited problem. But others said there was still time to patch machines and ensure that virus writers were prevented from scoring a big success. Picture problems Microsoft issued a critical security alert last week telling users that there were problems with the way Jpeg images are handled by Windows and many other programs it makes. The alert said that, theoretically, a malicious attacker could take over a vulnerable machine using a carefully crafted image that contained code to exploit the bug. At the time the alert was issued, example code to exploit the bug had not been seen. However, sample code written for the bug appeared earlier this week, leading some to speculate that a virus written to use it would follow soon. The code was posted to a closed circulation security mailing list and a publicly viewable website. This could mean that users find their machine under attack when they view images on the web or when their e-mail program previews images contained in messages. "This is the virus equivalent of a harmonic convergence," said David Perry, from anti-virus firm Trend Micro. He said all the conditions were right to make any virus that used the exploit code a big hitter. "It's been a long time since the last major virus outbreak," he said. "That's a major factor. How many people have let their guard down?" "Also," he said, "it's a big vulnerability and it affects a lot of different people and it would be easy to put on the web or any of a number of different things." He said porn sites or those happy to spread spyware could be sources of virus carrying images. No panic He said one other reason for suspecting that a virus to exploit the Jpeg bug was imminent was the fact that the annual Virus Bulletin conference runs this week. "There's almost always a virus released during the Virus Bulletin conference because all the virus experts are away from home," he said. But Graham Cluley from anti-virus firm Sophos said there was no need to panic. "At the moment no-one is exploiting the bug to deliver malicious code," he told BBC News Online. "It is purely being done as a 'proof of concept'." He urged people to apply patches before a virus was written to exploit the bug. "Microsoft has had its patches out for more than a week now," he said, "so home users who have switched to automated updates should already have downloaded the fix." Security experts pointed out that machines patched with the SP2 update to XP, which closes many commonly exploited vulnerabilities, could be at risk from the Jpeg virus if they used other programs that still contained the loophole. In all, more than a dozen programs are susceptible to the Jpeg exploit. Advice from analysts Gartner said the Jpeg bug could be hard for companies to protect themselves against because most computers had several versions of the vulnerable component installed. http://news.bbc.co.uk/1/hi/technology/3684552.stm __________________ The Affiliate Program

09-24-2004, 11:29 AM	#2
Fake Nick So Fucking Banned Join Date: Jul 2004 Location: go troll goo! Posts: 7,708	OMFG

09-24-2004, 11:31 AM	#3
emthree Dialer Kingpin Join Date: Jun 2003 Location: New York Posts: 10,816	From what I remember, you were allways able to do evil things with vbscript in a image format. __________________ • Sell Patches & Pills •