Source Pravda.Ru

Malicious code in JPEGs to download Trojan

In a harbinger of security threats to come, hackers have exploited a newly announced flaw in Microsoft Corp. programs and begun circulating malicious code hidden in images that use the popular JPEG format.

Software tools to create the malicious &to=http:// english.pravda.ru/society/2001/06/13/7633.html' target=_blank>images began appearing last month, and this week security experts saw images employing them posted on adult-oriented Usenet newsgroups.

To get the malicious code, a visitor must download the image and view it using Microsoft's Windows Explorer software, said Oliver Friedrichs, senior manager with Symantec Security Response, wrote Detroit Free Press.

The computer then contacts a server to obtain code that would let an attacker take over the machine remotely.

Friedrichs said the current exploit is fairly limited but that he expects future attempts to create malicious images that would work on the more popular Outlook and Internet Explorer programs, also made by Microsoft, says Wired News.

The code, which Easynews called a virus, does not have any &to=http:// english.pravda.ru/war/2003/03/22/44869.html ' target=_blank>mechanism to spread, antivirus-software company F-Secure said in its Weblog.

"These JPEGs did not replicate, so this is not a virus," the company said. "Apparently they tried to use these JPEGs to download &to=http:// english.pravda.ru/science/19/94/379/13534_virus.html ' target=_blank>Trojan (horse programs) to vulnerable computers, but the download sites should be down by now."

Both McAfee and Symantec have generic detection in their antivirus software for images that contain malicious code.

The JPEG flaw affects various versions of at least a dozen Microsoft software applications and operating systems, including Windows XP, Windows Server 2003, Office XP, Office 2003, Internet Explorer 6 Service Pack 1, Project, Visio, Picture It and Digital Image Pro.

Certainly readers already know that the Prosecutor's Office of Nanterre has ordered that Marine Le Pen, secretary of the Rassemblement National (former FN) and parliamentary to the Assembly, be submitted to psychiatric examination.

This is a liberation fight from the Soviet EU

Certainly readers already know that the Prosecutor's Office of Nanterre has ordered that Marine Le Pen, secretary of the Rassemblement National (former FN) and parliamentary to the Assembly, be submitted to psychiatric examination.

This is a liberation fight from the Soviet EU
Comments
Russia to ship S-300 to Syria after Il-20 shootdown
On the collapse of civility in Western nations: living in the era of 'not nice'
On the collapse of civility in Western nations: living in the era of 'not nice'
Roscosmos contractor steals millions, state secrets and flees to USA
Roscosmos contractor steals millions, state secrets and flees to USA
Russia to ship S-300 to Syria after Il-20 shootdown
How many aircraft and pilots Russia has lost in Syria so far
Russia to ship S-300 to Syria after Il-20 shootdown
Russia to ship S-300 to Syria after Il-20 shootdown
Gaddafi's predictions come true as Americans gang rape the world
Russia to ship S-300 to Syria after Il-20 shootdown
Gaddafi's predictions come true as Americans gang rape the world
A glimpse into the past and the future
Russian women to be allowed to work as train drivers and pilots
A glimpse into the past and the future
How many aircraft and pilots Russia has lost in Syria so far
A glimpse into the past and the future
On the collapse of civility in Western nations: living in the era of 'not nice'
NATO to strike Russia through Suwalki Corridor
NATO to strike Russia through Suwalki Corridor
Russia to ship S-300 to Syria after Il-20 shootdown