Re: Windows Flaw Lets Viruses Spread Via JPEGs

Discussion in 'Computer Security' started by Colonel_Flagg, Sep 26, 2004.

  1. I believe I mentioned something to this effect over a year ago.




    /CF


    In article <1096091095.SNSeiEr+78YAmHymJyn9yQ@teranews>,
    says...
    > REDMOND, Wash. -
    > It's one thing to say a particular image bugs you, but it's something else
    > again for someone to take it a little too literally: Hackers are believed
    > closer to figuring out how to spread computer viruses just by getting you to
    > open an e-mail or visit a Website that includes a contaminated .jpeg image.
    >
    > Several computer security experts are warning that a new security flaw in
    > Microsoft Windows XP and Server 2003 is prone to new tools the hacker world
    > is developing to take control of people's computers - a flaw in the computer
    > code that displays .jpeg image files, through which hackers embed viruses
    > into digital photographs the minute you visit an infected Website or open a
    > specially-designed e-mail.
    >
    > Microsoft identified the flaw a week ago and has since issued a patch for
    > it, but this isolates a shift in how security experts are urging less
    > tech-savvy Netizens to stay safe, according to several reports. "We always
    > said there's no way you can be infected [with a computer virus] just by
    > looking at a photograph online, but now it looks like we may have to eat our
    > words on that," said SANS Internet Storm Center and former White House
    > cyberspace security advisor Marcus Sachs to reporters. "This year we've seen
    > a lot of changes to the fundamental ways we thought we were secure."
    >
    > TruSecure Corp. chief scientist Russ Cooper believes it's pretty likely
    > you'll see one or another kind of malicious code target the Microsoft flaw
    > "very soon. The security hole is just too attractive for the bad guys to
    > pass up."
    >
    > The Washington Post said this kind of malware infection could "give new life
    > to a kind of Internet threat that so far has been the stuff of myths and
    > hoaxes. For years, Internet chain letters have warned users to be on the
    > lookout for viruses or worms that can wreak digital havoc just by getting
    > people to open an e-mail message. In reality, most viruses arrive as e-mail
    > attachments and do not activate unless the user opens the attachment."
    >
    > Cooper said most companies don't really see digital images as virus threats
    > and usually let them pass undisrupted through corporate firewalls, but the
    > Post said security experts' fears stem from a big change in how fast virus
    > writers jump on discovered vulnerabilities to take over home and business
    > computers alike. Norton AntiVirus makers Symantec earlier this week issued a
    > six-month analysis saying it is now less than six days between the
    > announcement of a software flaw and the arrival of malware aimed at
    > exploiting it.
    >
    >
    >


    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."

    "...I see stupid people."
     
    Colonel_Flagg, Sep 26, 2004
    #1
    1. Advertising

  2. Colonel_Flagg

    Jim Watt Guest

    On Sun, 26 Sep 2004 03:17:53 -0400, Colonel_Flagg
    <colonel_flagg@_NOSOUPFORJ00_internetwarzone.org> wrote:

    >
    >I believe I mentioned something to this effect over a year ago.
    >


    The curent problem is restricted to the GDI+ module which is part
    of the .net framework, so its not present otherwise.

    Its not like an inherrent flaw in IE

    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Sep 26, 2004
    #2
    1. Advertising

  3. In article <>,
    Jim Watt <_way> wrote:
    >
    >On Sun, 26 Sep 2004 03:17:53 -0400, Colonel_Flagg
    ><colonel_flagg@_NOSOUPFORJ00_internetwarzone.org> wrote:
    >
    >>
    >>I believe I mentioned something to this effect over a year ago.
    >>

    >
    >The curent problem is restricted to the GDI module which is part
    >of the .net framework, so its not present otherwise.


    I understand.

    --
    Lady Chatterly

    "Hey Meat-->Retard, meet your replacement, Lady C! All the pointless
    stupidity in a followup I could ever want and more! And it's
    automated! With "Brand X" programming! Oh, oh you're obsolete now,
    mother fucker. -- Onideus Mad Hatter
     
    Lady Chatterly, Sep 26, 2004
    #3
  4. Colonel_Flagg

    Leythos Guest

    In article <>,
    colonel_flagg@_NOSOUPFORJ00_internetwarzone.org says...
    >
    > I believe I mentioned something to this effect over a year ago.


    And if you do automatic updates nightly at any time, you're already
    protected.

    --
    --

    (Remove 999 to reply to me)
     
    Leythos, Sep 26, 2004
    #4
  5. Colonel_Flagg

    FrozenNorth Guest

    On this fine day Leythos tossed the following into the public domain:

    > In article <>,
    > colonel_flagg@_NOSOUPFORJ00_internetwarzone.org says...
    >>
    >> I believe I mentioned something to this effect over a year ago.

    >
    > And if you do automatic updates nightly at any time, you're already
    > protected.
    >

    Obviously you haven't seen the GDI+ detection tool on windows update, it
    will not fix all problems without user help.
    --
    Froz ...
     
    FrozenNorth, Sep 26, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ionizer

    'Dumb' users spread viruses

    Ionizer, Feb 7, 2004, in forum: Computer Support
    Replies:
    8
    Views:
    425
    michael turner
    Feb 8, 2004
  2. Imhotep

    Targeted trojan attacks via Word flaw

    Imhotep, May 23, 2006, in forum: Computer Security
    Replies:
    1
    Views:
    454
    Imhotep
    May 24, 2006
  3. Pat

    Viruses are hidding via Sony's rootkit

    Pat, Nov 12, 2005, in forum: Computer Support
    Replies:
    10
    Views:
    562
    Ralph Wade Phillips
    Nov 15, 2005
  4. Au79
    Replies:
    0
    Views:
    490
  5. Au79
    Replies:
    8
    Views:
    333
    Mitch
    Jan 24, 2006
Loading...

Share This Page