Advertisement
Promo

Security threats Toolkit

Windows image security hole breached

Declan McCullagh and Robert Lemos CNET News

Published: 28 Sep 2004 17:35 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Internet watchers say they've spotted infected images that could implant a back door into a Windows computer if they are viewed.

EasyNews, a provider of Usenet newsgroups, said it has identified two JPEG images that take advantage of a previously identified flaw in the way Microsoft software handles graphics files. Windows users could have their computers infected merely by opening one of those Trojan horse images.

The report of the widely expected exploit comes less than a week after sample code appeared that demonstrated how to take advantage of Microsoft's programming error. Some security researchers worry that the ubiquity of JPEG images provides an unprecedented opportunity to spread malicious code through file-trading networks, the Web or spamming.

But the Trojan horse images may not be as threatening as a more sophisticated version of the exploit could be.

"These JPEGs did not replicate, so this is not a virus," antivirus software company F-Secure stated in its Weblog. "Apparently they tried to use these JPEGs to download Trojan (horse programs) to vulnerable computers, but the download sites should be down by now."

Windows' Graphic Device Interface Plus (GDI+) software contains a JPEG-processing vulnerability that affects dozens of Microsoft products, including the Office suite. Windows XP and Windows Server versions are vulnerable unless a Microsoft patch has been installed in the last few weeks or, in the case of XP, if the systems have been upgraded to Service Pack 2.

Other Windows versions may be at risk depending on what applications are installed. The issue does not affect non-Microsoft operating systems such as Linux and Mac OS X.

Developers at California-based EasyNews created a short program to scan JPEG files flowing through their system for identifying features of the GDI+ exploit.

"It paged my cell phone at 6:47pm PDT on 9/26/2004 for the first hit, and 7:52pm PDT on 9/26/2004 for the second hit," one of the developers wrote in a Web posting.

Once the Trojan horse is activated by viewing the image, it connects to an FTP (File Transfer Protocol) site and downloads software that installs a back door in the infected Windows machine.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
84 out of 142 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats



Company/Topic Alerts

Create a new alert from the list below:







Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

McKinnon lawyers seek judicial review

Lawyers seeking a judicial review for Nasa hacker Gary McKinnon lodged fresh evidence of his psychiatric state at the High Court on Thursday. Karen Todner, McKinnon's solicitor,... More

1 comment

Beware of keeping your head in the clo...

Information security professionals can look forward to a deepening appreciation for their skills as security continues to be recognised as an essential element for doing business in... More

1 comment

Civil liberties groups attack file-sha...

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill. Liberty said in a position paper on Tuesday that the bill, part of... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters