Thread ID: 49776 2004-09-30 03:10:00 Trojan JPEGs Hit the ‘Net' 00falcon (3801) Press F1
Post ID Timestamp Content User
277046 2004-09-30 03:10:00 Trojan JPEGs Hit the ‘Net
=================
We knew it would happen. Just last week, sample code hit the Web that allows malicious coders to exploit the Microsoft GDIplus JPEG processing vulnerability. Late on Sunday, actual Trojan horse JPEG images were found in newsgroup postings. Apparently, these two images weren’t very threatening: “These JPEGs did not replicate, so this is not a virus,” antivirus software company F-Secure stated in its Weblog. “Apparently they tried to use these JPEGs to download Trojan (horse programs) to vulnerable computers, but the download sites should be down by now.”

Though these first POC (proof-of-concept) JPEGs are relatively mild, future ones will represent a greater threat. According to a Handler’s Diary posted more than 10 days ago on the Internet Storm Center (ISC) site, we’re not far from a massive attack: “We have seen this same pattern in the past - a significant vulnerability is announced, followed in a few days by POC code that usually causes a system crash or denial of service condition, followed by a hunt to get a reliable and simple buffer overflow to work…. Once an attack mechanism is perfected, then it’s just a matter of hours or days before worm code is launched.”

If you bank on what the ISC says, expect to see a worm or mass-mailer exploit in a couple of days, so you had better not put off patching your system. Do it. TODAY. This is a bad one, folks. I hope I’m wrong, but it could go down as the worst one yet when the body count is tallied.

XP users can go ahead and swallow the SP2 update pill: XP SP2 machines are not vulnerable. But this will not fix Office or any other vulnerable applications, so be sure to apply the necessary patches to those. While you’re at it, make sure your virus definitions are up to date, too. (You ARE running anti-virus protection, right?)

The good news is that according to ISC, “Most popular anti-virus scanners are able to detect these exploitative JPG’s…identifying them as ‘Exploit-MS04-028’ or ‘Bloodhound.Exploit.13’….” Check your anti-virus provider’s site for details. Don’t say I didn’t warn ya!
00falcon (3801)
277047 2004-09-30 03:11:00 P.S. this was a cut 'n' paste... 00falcon (3801)
277048 2004-09-30 03:23:00 I've got the source code for one that will download VNC and connect via IRC to a room on freenode, then send the IP of the PC infected.

You're talking like you're waiting for trojans etc - They're already out there!
Chilling_Silence (9)