This topic comprises 2 pages: 1 2
Topic: Viruses in JPEG images
Brad Miller
Administrator
Posts: 17775
From: Plano, TX (36.2 miles NW of Rockwall)
Registered: May 99
posted 09-19-2004 12:41 AM
As if we don't have enough spamming and viruses in this world...
Microsoft warns of poisoned picture peril
quote: Microsoft warns of poisoned picture peril
By Kevin Poulsen, SecurityFocus Published Wednesday 15th September 2004 07:39 GMT
The old bromide that promises you can't get a computer virus by looking at an image file crumbled a bit further Tuesday when Microsoft announced a critical vulnerability in its software's handling of the ubiquitous JPEG graphics format.
The security hole is a buffer overflow that potentially allows an attacker to craft a special JPEG file that would take control of a victim's machine when the user views it through Internet Explorer, Outlook, Word, and other programs. The poisoned picture could be displayed on a website, sent in email, or circulated on a P2P network.
Windows XP, Windows Server 2003 and Office XP are vulnerable. Older versions of Windows are also at risk if the user has installed any of a dozen other Microsoft applications that use the same flawed code, the company said in its advisory. The newly-released Windows XP Service Pack 2 does not contain the hole, but vulnerable versions of Office running atop it can still be attacked if left unpatched. Patches are available from Microsoft's website.
The company said it's not aware of the hole being publicly exploited in the wild, and has not seen any examples of proof of concept code.
The JPEG bug rounds out a growing menagerie of vulnerabilities in code that displays image files. Mozilla developers last month patched the open-source browser against a critical hole discovered in a widely-deployed library for processing PNG images. And last July, Microsoft simultaneously fixed two image display holes in Internet Explorer: one made users potentially vulnerable to maliciously-crafted BMP images, the second to corrupt GIF files. The GIF bug had been publicly disclosed 11 months earlier.
There was a time when the idea of a malicious image file was absurd enough to be the topic of an April Fools joke. One early and widely-circulated hoax message dating from 1994 warned users of a computer virus infecting the comment field of JPEG files.
"It was someone saying that just looking at a JPEG on your screen can get you a virus," recalls Rob Rosenberg, editor of the debunking site Vmyths.com. "In '94 it was a myth, but in '04 it's the real thing... We've got the JPEG of death now."
Here is what Microsoft's website has to say
Daryl C. W. O'Shea
Film God
Posts: 3977
From: Midland Ontario Canada (where Panavision & IMAX lenses come from)
Registered: Jun 2002
posted 09-20-2004 02:04 AM
There's no money trail to follow. Anti-Virus companies don't need to pay people to write virii. There are plenty of college/university losers with no girlfriends to write them free o' charge.
More on topic. There aren't, as of the present, any virii embedded in JPEG files. It's possible to exploit certain pieces of software that use a common module, but no one has done it yet. Microsoft is, yet again, being proactive on patching their products.
The problem is they can't win either way. They release a patch before there's an exploit and lazy people don't install the patch. Then somebody reverse engineers the patch (not entirely hard to do if you know what you're doing), and releases an exploit to attack those long unpatched systems. People bitch at Microsoft. They can't win.
As for tracking down the people who write virii, etc. It's far more difficult to do than tracking down spam sources, for instance.
Imagine you come across a blank piece of generic paper. Then you go to some (any) library and type out something, like a riddle, whatever. Then print that on a very common (and therefore untraceable) printer, such as any number of Hewlett Packard LaserJets. Then stick that riddle in an envelope, address, and stamp it, without leaving any personally identifying evidence. Then mail that from anywhere in the world. Yes, pretend that you can mail it anywhere in the world you want at no additional cost. Now tell me how to track you down after I receive it. It's not easy.
Sending instructions can be done anonymously so long as you don't require any response back. In some cases, you can even accept a response but drop it before it ever gets anywhere near you.
Jeff Stuckey
Film Handler
Posts: 62
From: Oklahoma City, OK, USA
Registered: May 2003
posted 09-20-2004 04:45 PM
I actually got this, and Cox Communications shut my service down. I called, and they said my account was suspended because I was sending out a virus. Which I thought was rather odd because I barely use my computer at home. So they turned me back on long enough to do a live update and scan the drive. It found no virus. I called them back and they still would not turn me back on. Said it was probably a trojan virus, then accused me of downloading from Kazaa that could probably be the problem. I promptly informed them I haven't used Kazaa for a year or so now. The professional all-knowing Cox tech then told me to just format my C drive, then call them back. I told him I was behind three firewalls (router, Zone Alarm and Windows XP). He said that wouldn't matter. And Cox has this big anti-virus free campaign BS going on too.
I went in and did a system restore backing up about 2 days, then called them back the next morning. So far no problems. Was told by Cox that this was my first "strike". Two more, and they will not turn me back on. Nice, huh.
Some people have just way too much time on their hands.
All times are Central (GMT -6:00)