Posted on 10/01/2004 2:38:34 PM PDT by swilhelm73
Security experts have been expecting such images to turn up after Microsoft revealed a weakness in the way Windows handles the popular Jpeg format.
Soon after this discovery, a program started circulating online that was written to exploit this bug.
The poisoned images were posted to a porn newsgroup at the weekend and were found by Usenet provider Easynews.
Early warning
Poisoned pictures containing the bug have been widely predicted following the discovery of the Jpeg bug that afflicts more than a dozen Microsoft programs.
To fall victim to the poisoned pictures, users must view it using Windows Explorer.
VULNERABLE PROGRAMS Windows XP Windows XP Service Pack 1 Windows Server 2003 Internet Explorer 6 SP1 Office XP SP3 Office 2003 Digital Image Pro 7.0 Digital Image Pro 9 Digital Image Suite 9 Greetings 2002 Picture It! 2002 Picture It! 7.0 Picture It! 9 Producer for PowerPoint Project 2002 SP1 Project 2003 Visio 2002 SP2 Visio 2003 Visual Studio .NET 2002 Visual Studio .NET 2003 Once in place, the code then tells an infected machine to contact a server on the web to download another program that lets it be taken over remotely by an attacker.
The partner server that held the remote control code has now been shut down.
Oliver Friedrichs, senior manager with Symantec Security Response, said that he expected future versions of the bug to strike when images are viewed with the Internet Explorer browser and Outlook.
Microsoft played down the threat from the images. In a statement it said few people were likely to fall victim because of the series of steps they had to go through to get infected.
The net watchdog, the Internet Storm Center, said the poisoned images only crashed computers in tests, but added that working versions were probably close to being finished.
It also said that poisoned images were starting to circulate on AOL Instant Messenger.
Security firm F-Secure said that, so far, the few poisoned pictures posted on Usenet were not a virus because they do not replicate.
"Unfortunately I have a nasty feeling we might sooner or later see a mass-mailer worm using a Jpeg image as the attachment," wrote Mikko Hypponen in the company's online journal.
Users who have updated their Windows XP machines with the SP2 update could still be at risk from this bug if they are running unpatched programs, such as Microsoft Office, that are vulnerable.
Microsoft is urging people to update their version of Windows and download patches to close the loophole.
Some security firms have also produced tools that let users scan computers to see which machines are vulnerable to the exploit.
Anti-virus firms have updated their software to recognise the signature of the virus-bearing images.
Ordinarily, I'd ask for pictures, but in this case...
I wonder how many of them thought they were just going blind...
Dump IE, switch to Firefox.
Pinging the picture diva...
|
Sadly, it's true. |
right-o! and while we're at it, let's all dump our cars for one of those two-wheeled gyroscopic people mover things.
Downloading pr0n is dumb and can cause your computer to suddenly freeze u
The problem is not with IE itself:
The vulnerability in caused due to a boundary error within the GDI+ JPEG Parsing component (Gdiplus.dll). This can be exploited to cause a buffer overflow by tricking a user into viewing a specially crafted JPEG image with any application using the vulnerable component for JPEG image processing.
I don't know if Firefox or Mozilla use that dll.
AAAG! now, I'm blind.
A post like yours is surely worth a 1-week ban from FR!
You're an evil, evil person.
This says it isn't just porn pictures:
http://reviews.cnet.com/4520-3513_7-5515107-1.html
Can you imagine the Internet without pictures? A new flaw in the way Windows, and therefore Internet Explorer, renders JPEG images--one of the most common image formats on the Web--should make you think twice about whether you should display them. At the very least, it should nudge you into considering an alternative Internet browser, such as Firefox.
The code to exploit this flaw is now public. Usually, exploit code release is the first step toward a new virus or worm, and as we have seen before, the time from exploit to virus is generally about two to three weeks. In other words, the clock is ticking.
(snip)
Yep, that's true.
This kind of code can be inserted into any kind of image.
Hopefully Microsoft is working 24/7 to fix this.
THAT'S the reason Photoshop should be regulated more closely than handguns.
Nope, not since the Dolly Parton Fiasco!
Now that's just NASTY! Ecch! Phtt!
Have A Heart!
I could've gone the whole rest of my life without seeing that!
(You have become a sadist)
Speaking of porn, I understand there's another Paris Hilton porn tape floating around.
It isn't just IE, and it isn't restricted to MS products. I posted an article from SANS earlier today that says they're getting reports of the exploit being used by AOL Instant Messenger.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.