Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Potential Mega Virus Related to JPEG Vulnerability

Potential Mega Virus Related to JPEG Vulnerability

by Nikola Strahija on November 24th, 2004 A potential 'mega virus' stemming from the recent JPEG vulnerability has been identified. Security specialists have pinpointed three scenarios that could lead to a wide-spreading virus affecting organizations around the globe.


Here are three possible scenarios that could lead to an advanced exploitation of the JPEG exploit that began to strike in October: 1. Email Attachment -- Emails with infected JPEG attachments may not be identified by desktop antivirus solutions because they rely on file extensions and MIME types to identify images. 2. Image on a Web Page -- Most gateway security solutions do not inspect JPEG files in HTTP and FTP - if they do inspect these files, it significantly impacts performance.

Links to the infected Web pages can also propagate in email worms, instant messenger worms, IRC worms, etc. 3. Email with a Linked Image -- An attacker or spammer sends an email containing an HTML image link to a JPEG containing malicious code. The JPEG itself resides on a Web server and is automatically downloaded via HTTP when the email is viewed or previewed.

The code is executed the moment the image is viewed or previewed in Outlook or Outlook Express.

It is important to note that infected images could reside not only on Web servers prepared by attackers, but also on previously infected computers which are now turned into slim Web servers or on infected Web servers. This is similar to Nimda and other worms that infected Microsoft IIS Web servers.

If executed correctly, this type of attack could cause massive damage across hundreds of thousands of organizations worldwide, matching or exceeding damages caused by the world's worst previous viruses.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »