Source Pravda.Ru

Malicious code in JPEGs to download Trojan

In a harbinger of security threats to come, hackers have exploited a newly announced flaw in Microsoft Corp. programs and begun circulating malicious code hidden in images that use the popular JPEG format.

Software tools to create the malicious &to=http:// english.pravda.ru/society/2001/06/13/7633.html' target=_blank>images began appearing last month, and this week security experts saw images employing them posted on adult-oriented Usenet newsgroups.

To get the malicious code, a visitor must download the image and view it using Microsoft's Windows Explorer software, said Oliver Friedrichs, senior manager with Symantec Security Response, wrote Detroit Free Press.

The computer then contacts a server to obtain code that would let an attacker take over the machine remotely.

Friedrichs said the current exploit is fairly limited but that he expects future attempts to create malicious images that would work on the more popular Outlook and Internet Explorer programs, also made by Microsoft, says Wired News.

The code, which Easynews called a virus, does not have any &to=http:// english.pravda.ru/war/2003/03/22/44869.html ' target=_blank>mechanism to spread, antivirus-software company F-Secure said in its Weblog.

"These JPEGs did not replicate, so this is not a virus," the company said. "Apparently they tried to use these JPEGs to download &to=http:// english.pravda.ru/science/19/94/379/13534_virus.html ' target=_blank>Trojan (horse programs) to vulnerable computers, but the download sites should be down by now."

Both McAfee and Symantec have generic detection in their antivirus software for images that contain malicious code.

The JPEG flaw affects various versions of at least a dozen Microsoft software applications and operating systems, including Windows XP, Windows Server 2003, Office XP, Office 2003, Internet Explorer 6 Service Pack 1, Project, Visio, Picture It and Digital Image Pro.

Comments
Attempts to blame Russia for MH17 disaster continue zealously
Skripals fall under heavy British pressure
Iran's next moves on nuclear deal much more important - Kremlin
Russian air defences ready to shoot down NATO drones and reconnaissance aircraft over Crimea
Kremlin wants foreign invaders out of Syria
Russian air defences ready to shoot down NATO drones and reconnaissance aircraft over Crimea
Elon Musk and a Truth called Pravda
Russian air defences ready to shoot down NATO drones and reconnaissance aircraft over Crimea
The Royal Wedding and the Silly Season
The Royal Wedding and the Silly Season
The Royal Wedding and the Silly Season
The Royal Wedding and the Silly Season
Attempts to blame Russia for MH17 disaster continue zealously
Ukraine's exit from Commonwealth of Independent States will affect common Ukrainians most
Kremlin on failed nuclear missile tests: 'Listen to President Putin and believe him!'
Russian air defences ready to shoot down NATO drones and reconnaissance aircraft over Crimea
Russian air defences ready to shoot down NATO drones and reconnaissance aircraft over Crimea
Russian stock market, national currency collapse because of US sanctions
Russian stock market, national currency collapse because of US sanctions
Russians massively break traffic rules on Crimea Bridge
Putin’s spokesman: Total blockade of Russia impossible