The Warning Can't Wait

*Got a Windows box? Here comes all hell – in a *picture.*

Hackers Target Microsoft's JPEG Flaw

- Sep 28, 2004 09:29 PM (AP Online)

NEW YORK (AP) – In a harbinger of security threats to come, hackers have exploited a newly announced flaw in Microsoft Corp. programs and begun circulating malicious code hidden in images that use the popular JPEG format.

Software tools to create the malicious images began appearing last month, and this week security experts saw images employing them posted on adult-oriented Usenet newsgroups.

To get the malicious code, a visitor must download the image and view it using Microsoft's Windows Explorer software, said Oliver Friedrichs, senior manager with Symantec Security Response.

*Oh look, here's a jpeg. Bang, you're a spambox.

*It took an entire WEEK for the globalized digital underground to turn this vulnerability into a for-profit crowbar for organized crime.

–JPEG Vulnerability Exploits

(23/22 September 2004)

Two exploits for the recently disclosed JPEG vulnerability are now circulating on the Internet. An earlier proof-of-concept exploit could be used to crash or freeze vulnerable systems; the newer exploits could be used by attackers to run their own code on and take control of unpatched machines, according to the SANS Internet Storm Center CTO Johannes Ullrich.

http://www.computerworld.com/printthis/2004/0,4814,96124,00.html

http://www.computerworld.com/printthis/2004/0,4814,96088,00.html