New jpeg virus

There's a flaw in Microsoft's jpeg rendering technology that allows malicious code to be inserted into a pic which after you dl allows it to contact a website. In short it allows someone remote access. I think XP, WS 2003 and some versions of Office are the main ones affected.

So you all may want to update your antivirus if it's a little outdated or go dl Microsoft's security patch.
Updating your anti-virus software may not be enough -- Read Here
dhooks said:
There's a flaw in Microsoft's jpeg rendering technology that allows malicious code to be inserted into a pic which after you dl allows it to contact a website. In short it allows someone remote access. I think XP, WS 2003 and some versions of Office are the main ones affected.

So you all may want to update your antivirus if it's a little outdated or go dl Microsoft's security patch.
malicious code in the operating system? I think someone is just trying to start a scare. Jpegs are just data -- they don't get executed. It's up to the browser to display what the data says, and it's unlikely it will spawn a virus unless the person who wrote the browser put the virus in the browser in the first place.
No, there's a definite vulnerability there.

The JPEG format includes a header that contains some data used to reconstruct the image.

Microsoft's software doesn't properly check that the header fields contain valid information which can result in the JPEG decoder accidentally over-writing some critical bits of memory which can then allow an executable payload also included in the JPEG file to execute.

The first couple of exploits for this vulnerability are already in circulation.
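
The kind of header validation the post above describes as missing, as an added example that is not part of the thread and is not Microsoft's code. The thread does not say which header field is involved, so this checks the 16-bit length field that every JPEG marker segment carries; the names `jpeg_check_headers` and `enum jpeg_check` and the sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum jpeg_check { JPEG_OK, JPEG_NOT_JPEG, JPEG_TRUNCATED, JPEG_BAD_LENGTH };

/* Walk the marker segments up to the start of scan data and validate every
 * length field before a decoder would size a copy from it. */
enum jpeg_check jpeg_check_headers(const uint8_t *buf, size_t len)
{
    if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8)      /* SOI */
        return JPEG_NOT_JPEG;
    size_t pos = 2;
    for (;;) {
        if (len - pos < 2) return JPEG_TRUNCATED;
        if (buf[pos] != 0xFF) return JPEG_NOT_JPEG;
        uint8_t marker = buf[pos + 1];
        if (marker == 0xFF) { pos += 1; continue; }       /* fill byte */
        pos += 2;
        if (marker == 0xD9) return JPEG_OK;               /* EOI */
        if (marker == 0x01 || (marker >= 0xD0 && marker <= 0xD8))
            continue;                                     /* no length field */
        if (len - pos < 2) return JPEG_TRUNCATED;
        size_t seg = ((size_t)buf[pos] << 8) | buf[pos + 1];
        /* The length counts its own two bytes. Below 2, "seg - 2" wraps to a
         * huge unsigned value and a copy of that size overruns the buffer. */
        if (seg < 2) return JPEG_BAD_LENGTH;
        if (seg > len - pos) return JPEG_TRUNCATED;       /* runs past the file */
        if (marker == 0xDA) return JPEG_OK;               /* SOS: scan data next */
        pos += seg;
    }
}

/* Constructed sample inputs, not taken from any real file. */
static const uint8_t sample_ok[]    = {0xFF,0xD8, 0xFF,0xFE,0x00,0x04,'h','i', 0xFF,0xD9};
static const uint8_t sample_bad[]   = {0xFF,0xD8, 0xFF,0xFE,0x00,0x01, 0xFF,0xD9};
static const uint8_t sample_short[] = {0xFF,0xD8, 0xFF,0xE0,0x00,0x10,'J','F'};

int main(void)
{
    printf("ok=%d bad=%d short=%d\n",
           jpeg_check_headers(sample_ok, sizeof sample_ok),
           jpeg_check_headers(sample_bad, sizeof sample_bad),
           jpeg_check_headers(sample_short, sizeof sample_short));
    return 0;
}
```

A file that fails this check should be rejected before it reaches the decoder; the check does not validate the contents of any segment or the scan data itself.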
xjet said:
No, there's a definite vulnerability there.

The JPEG format includes a header that contains some data used to reconstruct the image.

Microsoft's software doesn't properly check that the header fields contain valid information which can result in the JPEG decoder accidentally over-writing some critical bits of memory which can then allow an executable payload also included in the JPEG file to execute.

The first couple of exploits for this vulnerability are already in circulation.
So, wasn't I right in the first place? The malicious code is really in Microsoft's jpg rendering software?

How can any virus (the "payload") reliably depend on the jpg decoder application overwriting "critical" areas of my virtual memory? At worst, I can imagine a hiccup leading to a blue screen.

To really work, the virus would need to be executed in place, which means the PC needs to somehow get pointed from the "critical area" you mentioned, into the jpg data memory location. The header should contain parameters on how to interpret the jpg data. Even if it's invalid data, the decoder should NOT start executing the header as if it were code. It should just fail to display, and maybe get an error depending on which application called for the display.

Show me where you saw this in the first place. I feel like I belong in Missouri right now. By no means am I an expert in virus software, but I find it very hard to believe someone found a way to fool a graphics program into thinking it was a virus itself.
I'm not sure what the deal is, but it's been all over the news.

Seems like it's more of a Trojan than a Virus

http://www.lurhq.com/jpegvirus.html