Oh great. Viruses in .bmp now.

Discussion in 'NZ Computing' started by Howard, May 18, 2004.

  1. Howard

    Howard Guest


  2. Dave - Dave.net.nz, May 18, 2004
    #2

  3. Howard

    steve Guest

    Howard wrote:
    > http://www.kaspersky.com/news.html?id=148515536
    >
    >


    Don't worry....it's only Windows...and an old version of MS IE 5.0/5.5.

    People on IE 6.0 should be OK...and people who don't use MS products
    never had anything to worry about anyway.

    "Agent exploits a vulnerability in MS Internet Explorer versions 5.0 and
    5.5 which allows malicious code to be launched on victim machines via
    modified BMP files. This vulnerability is a direct result of the Windows
    source code leak and was first detected on February 16, 2004."
    steve, May 18, 2004
    #3
  4. Howard

    zed Guest

    Dave - Dave.net.nz wrote:

    > Howard wrote:
    >
    >> http://www.kaspersky.com/news.html?id=148515536

    >
    >
    > Interesting...
    > "This vulnerability is a direct result of the Windows source code leak
    > and was first detected on February 16, 2004."


    Note that it is specific to IE 5 - 5.5 on W2000 Russian Language only.
    Why on earth would ms put into IE a feature (now apparently a
    vulnerability) that could allow code to execute when viewing a bitmap?
    A few days ago, half by accident, I wrote some lines of data to a bitmap
    file. I was somewhat surprised to find that I could open the file in
    mspaint, and it looked absolutely fine, despite containing a few lines
    of text in the middle of the file, that wasn't supposed to be there.
    zed, May 18, 2004
    #4
  5. Howard

    Rider Guest

    "zed" <> wrote in message
    news:...
    > Dave - Dave.net.nz wrote:
    >
    > > Howard wrote:
    > >
    > >> http://www.kaspersky.com/news.html?id=148515536

    > >
    > >
    > > Interesting...
    > > "This vulnerability is a direct result of the Windows source code leak
    > > and was first detected on February 16, 2004."

    >
    > Note that it is specific to IE 5 - 5.5 on W2000 Russian Language only.
    > Why on earth would ms put into IE a feature (now apparently a
    > vulnerability) that could allow code to execute when viewing a bitmap?
    > A few days ago, half by accident, I wrote some lines of data to a bitmap
    > file. I was somewhat surprised to find that I could open the file in
    > mspaint, and it looked absolutely fine, despite containing a few lines
    > of text in the middle of the file, that wasn't supposed to be there.
    >


    Didn't people use to do this with JPG files? You could view the picture fine,
    but it had some code in it that would execute without you being able to see
    what was happening. This was a while ago now.

    Rider
    Rider, May 18, 2004
    #5
  6. zed wrote:
    > A few days ago, half by accident, I wrote some lines of data to a bitmap
    > file. I was somewhat surprised to find that I could open the file in
    > mspaint, and it looked absolutely fine, despite containing a few lines
    > of text in the middle of the file, that wasn't supposed to be there.


    to get around potential corruption?
    Dave - Dave.net.nz, May 18, 2004
    #6
  7. Howard

    zed Guest

    Rider wrote:

    > "zed" <> wrote in message
    > news:...
    >
    >>Dave - Dave.net.nz wrote:
    >>
    >>
    >>>Howard wrote:
    >>>
    >>>
    >>>>http://www.kaspersky.com/news.html?id=148515536
    >>>
    >>>
    >>>Interesting...
    >>>"This vulnerability is a direct result of the Windows source code leak
    >>>and was first detected on February 16, 2004."

    >>
    >>Note that it is specific to IE 5 - 5.5 on W2000 Russian Language only.
    >>Why on earth would ms put into IE a feature (now apparently a
    >>vulnerability) that could allow code to execute when viewing a bitmap?
    >>A few days ago, half by accident, I wrote some lines of data to a bitmap
    >>file. I was somewhat surprised to find that I could open the file in
    >>mspaint, and it looked absolutely fine, despite containing a few lines
    >>of text in the middle of the file, that wasn't supposed to be there.
    >>

    >
    >
    > Didn't people use to do this with JPG files? You could view the picture fine,
    > but it had some code in it that would execute without you being able to see
    > what was happening. This was a while ago now.
    >
    > Rider
    >


    I don't know about executing code. "Steganography" tools are available
    to allow you to hide text inside jpg files. My mistake seems to show
    that steganography for bmp files doesn't have to be very sophisticated -
    although I didn't check to see what happened if I opened the file in an
    application other than mspaint. I think that is secret agent stuff of no
    practical use to anyone but the most paranoid or devious. I think the
    idea was that secret messages could be concealed in pictures posted on a
    website or ng - by spies and terrorists. A bit far-fetched IMO, but who
    knows these days?
    zed, May 18, 2004
    #7
  8. In article <>,
    says...
    > Dave - Dave.net.nz wrote:
    >
    > > Howard wrote:
    > >
    > >> http://www.kaspersky.com/news.html?id=148515536

    > >
    > >
    > > Interesting...
    > > "This vulnerability is a direct result of the Windows source code leak
    > > and was first detected on February 16, 2004."

    >
    > Note that it is specific to IE 5 - 5.5 on W2000 Russian Language only.
    > Why on earth would ms put into IE a feature (now apparently a
    > vulnerability) that could allow code to execute when viewing a bitmap?
    > A few days ago, half by accident, I wrote some lines of data to a bitmap
    > file. I was somewhat surprised to find that I could open the file in
    > mspaint, and it looked absolutely fine, despite containing a few lines
    > of text in the middle of the file, that wasn't supposed to be there.


    All a bitmap is is pixel data. You just overwrote a few pixels' colours
    with new colours.
    Patrick Dunford, May 18, 2004
    #8
  9. In article <c8bkva$kgt$>,
    says...
    >
    > "zed" <> wrote in message
    > news:...
    > > Dave - Dave.net.nz wrote:
    > >
    > > > Howard wrote:
    > > >
    > > >> http://www.kaspersky.com/news.html?id=148515536
    > > >
    > > >
    > > > Interesting...
    > > > "This vulnerability is a direct result of the Windows source code leak
    > > > and was first detected on February 16, 2004."

    > >
    > > Note that it is specific to IE 5 - 5.5 on W2000 Russian Language only.
    > > Why on earth would ms put into IE a feature (now apparently a
    > > vulnerability) that could allow code to execute when viewing a bitmap?
    > > A few days ago, half by accident, I wrote some lines of data to a bitmap
    > > file. I was somewhat surprised to find that I could open the file in
    > > mspaint, and it looked absolutely fine, despite containing a few lines
    > > of text in the middle of the file, that wasn't supposed to be there.
    > >

    >
    > Didn't people use to do this with JPG files? You could view the picture fine,
    > but it had some code in it that would execute without you being able to see
    > what was happening. This was a while ago now.


    Jpegs can contain additional headers under the Exif and several other
    standards, anything for an EXE was probably another Windows bug.
    Patrick Dunford, May 18, 2004
    #9
  10. Howard

    zed Guest

    Patrick Dunford wrote:

    > In article <>,
    > says...
    >
    >>Dave - Dave.net.nz wrote:
    >>
    >>
    >>>Howard wrote:
    >>>
    >>>
    >>>>http://www.kaspersky.com/news.html?id=148515536
    >>>
    >>>
    >>>Interesting...
    >>>"This vulnerability is a direct result of the Windows source code leak
    >>>and was first detected on February 16, 2004."

    >>
    >>Note that it is specific to IE 5 - 5.5 on W2000 Russian Language only.
    >>Why on earth would ms put into IE a feature (now apparently a
    >>vulnerability) that could allow code to execute when viewing a bitmap?
    >>A few days ago, half by accident, I wrote some lines of data to a bitmap
    >>file. I was somewhat surprised to find that I could open the file in
    >>mspaint, and it looked absolutely fine, despite containing a few lines
    >>of text in the middle of the file, that wasn't supposed to be there.

    >
    >
    > All a bitmap is is pixel data. You just overwrote a few pixels' colours
    > with new colours.

    Probably did.
    I note that you can append text to a bmp file without changing any pixel
    values, and it seems to open without problems in any bmp viewer I have
    on my PC.
    zed, May 18, 2004
    #10
  11. Howard

    Divine Guest

    On Tue, 18 May 2004 12:10:16 +1200, zed wrote:

    > Why
    > on earth would ms put into IE a feature (now apparently a vulnerability)
    > that could allow code to execute when viewing a bitmap?


    Because there is collusion between Micro$oft, the virus writers, and
    the writers of anti-virus programmes. :eek:)

    Or... because Micro$oft is such a stupid company that it decided
    executable data could be read and executed from image or audio files.


    Divine

    --
    The Queen's Mother: "Well I don't know what all you queens are doing,
    but this old Queen wants a drink."
    Divine, May 18, 2004
    #11
  12. Howard

    Richard Guest

    Divine wrote:

    >>Why
    >>on earth would ms put into IE a feature (now apparently a vulnerability)
    >>that could allow code to execute when viewing a bitmap?

    >
    >
    > Because there is collusion between Micro$oft, the virus writers, and
    > the writers of anti-virus programmes. :eek:)
    >
    > Or... because Micro$oft is such a stupid company that it decided
    > executable data could be read and executed from image or audio files.


    Do you not recall the jpeg some time back that used an issue in IE to make the
    CD tray eject? It's usually a buffer overflow that allows things like this to
    happen. Anything that opens data from an untrusted source needs to be carefully
    audited on how it handles out of spec data, or that sort of thing will happen.
    Winamp has had at least one issue with its handling of meta data. Microsoft
    wouldn't have intentionally put this in, it's an oversight, and the current
    exploit only works on Russian Windows, that will be because of the different
    memory footprint of the Windows versions. Give it a few hours and there will be
    one for English IE out in the wild.
    Richard, May 18, 2004
    #12
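
Added example, not part of any post in this thread: a Python check for two points raised above, zed's observation that bytes appended after the pixel data go unnoticed by viewers, and Richard's point that code opening untrusted files must handle out-of-spec data. It assumes a 40-byte BITMAPINFOHEADER with uncompressed pixels; `make_bmp` and `audit_bmp` are hypothetical names and the sample files are constructed.

```python
import struct

BI_RGB = 0  # uncompressed pixel data

def make_bmp(width=2, height=2, trailer=b""):
    """Build a constructed 24-bit BMP (sample input), optionally with appended bytes."""
    row = (width * 3 + 3) & ~3                      # rows are padded to 4 bytes
    pixels = bytes(row * height)
    off = 14 + 40                                   # file header + info header
    file_hdr = struct.pack("<2sIHHI", b"BM", off + len(pixels), 0, 0, off)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, BI_RGB,
                           len(pixels), 2835, 2835, 0, 0)
    return file_hdr + info_hdr + pixels + trailer

def audit_bmp(data):
    """Return findings where header fields disagree with the file; [] means consistent."""
    if len(data) < 54 or data[:2] != b"BM":
        return ["too short or missing 'BM' signature"]
    bf_size, _r1, _r2, off_bits = struct.unpack_from("<IHHI", data, 2)
    hdr, width, height, planes, bpp, comp = struct.unpack_from("<IiiHHI", data, 14)
    if hdr != 40 or comp != BI_RGB:
        return ["header size %d / compression %d not handled by this check" % (hdr, comp)]
    if width <= 0 or height == 0 or planes != 1 or bpp not in (1, 4, 8, 16, 24, 32):
        return ["invalid width/height/planes/bit count"]
    if not 54 <= off_bits <= len(data):
        return ["bfOffBits %d points outside the file" % off_bits]
    findings = []
    # Size the pixel array from the header, then compare with what the file holds.
    # A decoder that trusts the header alone reads or writes past its buffer here.
    need = ((width * bpp + 31) // 32) * 4 * abs(height)
    have = len(data) - off_bits
    if need > have:
        findings.append("pixel array needs %d bytes, file has %d" % (need, have))
    elif have > need:
        findings.append("%d bytes after the pixel array" % (have - need))
    if bf_size != len(data):
        findings.append("bfSize %d != file length %d" % (bf_size, len(data)))
    return findings

if __name__ == "__main__":
    for name, blob in [("clean", make_bmp()), ("appended", make_bmp(trailer=b"hello"))]:
        print(name, audit_bmp(blob))
```
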
  13. In article <pan.2004.05.18.08.36.13.616646@TRACKER>,
    says...
    > On Tue, 18 May 2004 12:10:16 +1200, zed wrote:
    >
    > > Why
    > > on earth would ms put into IE a feature (now apparently a vulnerability)
    > > that could allow code to execute when viewing a bitmap?

    >
    > Because there is collusion between Micro$oft, the virus writers, and
    > the writers of anti-virus programmes. :eek:)
    >
    > Or... because Micro$oft is such a stupid company that it decided
    > executable data could be read and executed from image or audio files.


    Nope, there have been a few holes because of the funny way IE handled
    MIME types.
    Patrick Dunford, May 18, 2004
    #13
  14. Patrick Dunford <> suggested:
    >
    > there have been a few holes because of the funny way IE handled
    > MIME types.


    funny? bwaahaarhaar
    like the way imbeciles were regarded as funny in olden times...

    IE is brain-dead when it comes to MIME types
    J.Random Luser, May 18, 2004
    #14