Trojan Exploits Microsoft JPEG Flaw



September 28, 2004
By Jason Lopez
Enterprise Security Today

The latest Windows virus threat exploits a weakness in the way many Microsoft products process JPEG graphic images. Security experts say JPEG of Death.C is spreading slowly, so far, but it is evolving and could present increasing problems in the near future.


A Trojan horse that exploits a weakness in Microsoft Windows XP and other programs has been detected in JPEG images. The method of attack is through malformed JPEGs created by a rogue program called "JPEG of Death.C."

Two weeks ago, Microsoft announced the discovery of a vulnerability in how Windows processes JPEG images. The weakness in the Graphic Device Interface Plus (GDI+) could allow attackers to break into a computer through a corrupted JPEG image copied to the system.

When activated, the Trojan horse downloads software from an FTP site that installs a back door on the computer. Fortunately, the virus does not replicate.

JPEG of Death

The weakness exists in a variety of Microsoft products, including Windows XP, Windows Server 2003, Office XP and Service Packs 2 and 3, Office 2003, and more than a dozen other applications. Microsoft offers patches, which security experts urge users to install, on its Web page. Earlier versions of Windows are not affected.

The JPEG of Death.C is "a program that is undergoing development by attackers to improve how effective it is," said Oliver Friedrichs, senior manager of Symantec's security response team.

"We're seeing initial indications that computers are becoming affected, but it's not widespread," he told NewsFactor.

Bigger Outbreaks Possible

Security experts are concerned that further development of the program could lead to bigger outbreaks. "If someone were to improve this to work with Internet Explorer, it's possible a computer could get infected simply by looking at an image," Friedrichs added.

Currently, the infection only occurs when an image is copied to the computer through Windows Explorer. It is conceivable that images that appear normal could spread viruses automatically when viewed. Web sites would be a natural place to post such images, although traffic most likely would be low.

Corrupt pictures delivered via e-mail pose a much bigger threat.

"That could be catastrophic, because the image could load automatically, infect the computer, and send more e-mails," Friedrichs acknowledged.

http://enterprise-security-today.newsfactor.com/story.xhtml?story_title=JPEG-Based-Infections-Not-Yet-Widespread&story_id=27240&category=winsecurity