Source Pravda.Ru

Malicious code in JPEGs to download Trojan

In a harbinger of security threats to come, hackers have exploited a newly announced flaw in Microsoft Corp. programs and begun circulating malicious code hidden in images that use the popular JPEG format.

Software tools to create the malicious images began appearing last month, and this week security experts saw images employing them posted on adult-oriented Usenet newsgroups.

To get the malicious code, a visitor must download the image and view it using Microsoft's Windows Explorer software, said Oliver Friedrichs, senior manager with Symantec Security Response, according to the Detroit Free Press.

The computer then contacts a server to obtain code that would let an attacker take over the machine remotely.

Friedrichs said the current exploit is fairly limited but that he expects future attempts to create malicious images that would work on the more popular Outlook and Internet Explorer programs, also made by Microsoft, says Wired News.

The code, which Easynews called a virus, does not have any mechanism to spread, antivirus-software company F-Secure said in its Weblog.

"These JPEGs did not replicate, so this is not a virus," the company said. "Apparently they tried to use these JPEGs to download Trojan (horse programs) to vulnerable computers, but the download sites should be down by now."

Both McAfee and Symantec have generic detection in their antivirus software for images that contain malicious code.

The JPEG flaw affects various versions of at least a dozen Microsoft software applications and operating systems, including Windows XP, Windows Server 2003, Office XP, Office 2003, Internet Explorer 6 Service Pack 1, Project, Visio, Picture It and Digital Image Pro.