Financial Daily from THE HINDU group of publications
Monday, Oct 25, 2004


eWorld - Viruses


Pretty...dangerous

Pratap Ravindran

A picture may or may not be worth a thousand words — but it could be dangerous. Like the JPEG image in your e-mail inbox that could infect your computer.

A DECADE ago, the infection of a computer by a virus contained in a graphic was the subject of a hoax e-mail which read: "If you use a 386/486/Pentium machine to display your JPEG pictures, then you are at risk of catching the JPEG virus. Although the JPEG virus is nominally benign, it can cause some multisync monitors to malfunction, effectively destroying the monitor."

Fact, unfortunately, has caught up with fiction with the late September spotting of Trojan Horse images capable, on being viewed, of creating a backdoor in Windows.

It all began with EasyNews, a provider of Usenet newsgroups, announcing that it had identified two JPEG images that exploited flawed software code used by numerous Microsoft applications to infect computers — less than a week after the release of sample code demonstrating how certain errors in Microsoft's programming could be taken advantage of to spread malicious code through the Web.

The Windows Graphics Device Interface Plus (GDI+) software, it now turns out, has a JPEG-processing vulnerability that affects various Microsoft products. The affected code has something called a "buffer overrun" flaw. A buffer is a region of computer memory set aside to hold data; if the code does not check how much input it is given, excess input data can overrun the buffer into adjacent parts of memory. Malicious programmers can use such a flaw to execute unauthorised code on computers, thereby providing themselves with a potential point of entry to take complete control.

The vulnerable products include the Office suite and Windows XP. Windows Server versions are vulnerable too, unless a Microsoft patch has been installed recently or, in the case of XP, the systems have been upgraded to Service Pack 2. The bug does not affect non-Microsoft operating systems such as Linux and Mac OS X.

On September 30, security experts at the SysAdmin Audit Network Security Institute declared that the virus is still in its infancy even as the Internet Storm Center announced that the JPEG vulnerability was spreading through America Online's instant-messaging programme. People had apparently begun receiving AOL Instant Messenger messages that read: "Check out my profile, click GET INFO!" The victims were then directed to Web sites hosting the pesky JPEG images. Infected computers, in addition to becoming vulnerable to remote control by hackers, were sending the same message to the contacts contained in the instant messenger list.

At about the same time, security experts found out to their chagrin that the dangerous JPEG images could avoid detection by antivirus software which, by default, scans only for .exe files and, therefore, does not spot JPEGs. In any case, the file extension on a JPEG can be changed freely — there are about 11 file name extensions to which they can be changed — which basically means that you can set your antivirus scanner to look for JPEGs but you still won't be safe.
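
The point about renamed extensions, shown as an added example that is not part of the original article: a scanner can recognise a JPEG from its leading bytes rather than its file name, and reject segment headers whose declared length is impossible under the JPEG format. The function name, the extension list and the sample bytes are constructed for illustration.

```python
import struct

SOI = b"\xff\xd8"  # every JPEG stream starts with this marker
JPEG_EXTS = (".jpg", ".jpeg", ".jpe", ".jfif")  # assumed list of usual names
# Markers that stand alone and carry no length field: TEM, RST0-7, SOI
STANDALONE = {0x01, 0xD8} | set(range(0xD0, 0xD8))

def inspect_image(name, data):
    """Return (is_jpeg, findings), judging by content and not by extension."""
    if data[:2] != SOI:
        return False, []
    findings = []
    if not name.lower().endswith(JPEG_EXTS):
        findings.append("JPEG content under non-JPEG extension")
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            findings.append(f"no marker at offset {pos}")
            break
        while pos < len(data) and data[pos] == 0xFF:  # skip fill bytes
            pos += 1
        if pos >= len(data):
            break
        marker = data[pos]
        pos += 1
        if marker in (0xD9, 0xDA):  # end of image, or start of scan data
            break
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            findings.append("truncated segment header")
            break
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2:  # the length field counts its own two bytes
            findings.append(f"segment 0x{marker:02X} declares invalid length {length}")
            break
        pos += length
    return True, findings

# Constructed sample inputs, not taken from any real file
APP0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
BENIGN = SOI + APP0 + b"\xff\xd9"
MALFORMED = SOI + APP0 + b"\xff\xfe" + struct.pack(">H", 0) + b"xx\xff\xd9"

if __name__ == "__main__":
    for fname, blob in [("photo.jpg", BENIGN), ("holiday.gif", MALFORMED)]:
        print(fname, inspect_image(fname, blob))
```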

Microsoft has issued a patch for the vulnerability and put out a statement: "Microsoft does not consider this a high risk to customers, given the amount of user action required to execute the attack, and is not currently aware of any significant customer impact. We will continue to investigate the situation and provide customers with additional resources and guidance, as necessary."

A picture may or may not be worth a thousand words — but it's certainly turning out to be pretty dangerous.

Picture by Shiv Kumar Pushpakar

eworld@thehindu.co.in


Copyright © 2004, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line