First JPG trojan horse found today

Posted on Tuesday, September 28 2004 @ 19:20 CEST by Thomas De Maesschalck
A JPG image Trojan horse was found today that takes advantage of a bug found last week in Microsoft's Graphics Device Interface Plus (GDI+). This software is used in dozens of Microsoft products, such as Windows and Office.

Users of Windows XP and Windows Server versions are vulnerable unless a patch has been installed or the systems have been upgraded to Windows XP Service Pack 2. But be warned: some non-Microsoft software is also at risk.

The report of the widely expected exploit comes less than a week after sample code appeared that demonstrated how to take advantage of Microsoft's programming error. Some security researchers worry that the ubiquity of JPEG images provides an unprecedented opportunity to spread malicious code through file-trading networks, the Web or spamming.

But the Trojan horse images may not be as threatening as a more sophisticated version of the exploit could be.

"These JPEGs did not replicate, so this is not a virus," antivirus software company F-Secure stated in its Weblog. "Apparently they tried to use these JPEGs to download Trojan (horse programs) to vulnerable computers, but the download sites should be down by now."

Once the Trojan horse is activated by viewing the image, it connects to an FTP (File Transfer Protocol) site and downloads software that installs a back door in the infected Windows machine.

More info at CNET.