On last.fm: Michael Jackson radio - Listen now!
BNET Business Network:
BNET
TechRepublic
ZDNet
76 TalkBacks

By Dan Ilett
Posted on ZDNet News: Sep 29, 2004 2:48:00 PM

Antivirus software could be ill-prepared to protect corporate networks from the latest Windows vulnerability--innocent-looking JPEG files that contain security attacks.

According to Mikko Hypponen, director of antivirus research for F-Secure, antivirus software will strain to find JPEG malware, because by default, it only searches for .exe files.

"Normal antivirus software, by default, will not detect JPEGs," Hypponen said. "You can set your antivirus scanner to look for JPEG, but the trouble is that you can change the file extension on a JPEG to so many things."

There are about 11 file name extensions to which JPEGs can be changed, including .icon or .jpg2. Hypponen said this would make finding malicious JPEGs even more difficult; searching could take up a significant amount of valuable processor power.

Internet Explorer processes JPEGs before it caches them. That could also mean that desktops may become infected before antivirus software has a chance to work.

"This means that it is not enough to scan at the desktop," Hypponen said. "You have to scan at the gateway, but this will put a huge load on your bandwidth."

Hypponen said he expected a virus attack using the exploit to occur soon: "There has been so much interest in this vulnerability that someone is bound to do this. But saying that, there was a similar vulnerability found two months ago in bitmaps, and no one has exploited that yet."

Word of code that exploits the way Microsoft Windows processes JPEGs was posted in recent days to the Internet newsgroup EasyNews. Hypponen wrote on the F-Secure Web log that the exploit was not a virus because it had no way of spreading. In order for the code to infect a machine, a user must download the image it purports to be and view it in Windows Explorer.

On Tuesday, Microsoft hit back at critics over its handling of the vulnerability.

"Microsoft does not consider this a high risk to customers, given the amount of user action required to execute the attack, and is not currently aware of any significant customer impact," the company said in a statement. "We will continue to investigate the situation and provide customers with additional resources and guidance, as necessary."

Dan Ilett of ZDNet UK reported from London. CNET News.com's Rob Lemos contributed to this report.

SponsoredWhite Papers, Webcasts, and Downloads

  • Talkback
  • Most Recent of 76 Talkback(s)
Apples sure are pretty, but...
I would love to own a MAC, but they just don't offer enough bang for the buck. Sure, if I had money to burn I'd buy a loaded G5 Power Mac tonight. However, I'm just not willing to buy a stripped down ... (Read the rest)
Posted by: psterrett Posted on: 12/29/04 You are currently: a Guest | | Terms of Use
Microsoft does not consider this a high risk to customers  TTGIT Guy | 09/29/04
another question to ask MS...  Monkey_MCSE | 09/29/04
I'm sure  DarthRidiculous | 09/29/04
According to the Office Update site...  cglrcng@... | 09/29/04
re: Microsoft does not consider this a high risk to customers  psychodave | 09/29/04
This is getting really blown out of proportion  Michael Kelly | 09/29/04
small companies can not fork this kind of money out immediately though  Monkey_MCSE | 09/29/04
Trust me, I'm well aware of that.  Michael Kelly | 09/29/04
But aren't you just a *little* bit angry...  Zogg | 09/29/04
Of course I am  Michael Kelly | 09/29/04
But being angry is the first step...  Zogg | 09/29/04
Who's angry?  laredoflash@... | 09/29/04
Incorrect  johnnylumber | 09/29/04
So in other words...  Michael Kelly | 09/29/04
How will I deal with it? Simple  laredoflash@... | 09/29/04
Combined Gateway Devices  Mawdo | 09/30/04
Taking the Lord's name in vain  netace_z | 09/29/04
Due to complaints...  Michael Kelly | 09/29/04
Microsloth Is So Full Of Crap It's Not Funny  itanalyst | 09/29/04
Linux Zealots  CodeBubba | 09/29/04
Your full of crap.  ThinkAboutIt | 09/29/04
Ok, So Is This Going To Change Microsloth's Support for IE Pre XP? NO!  itanalyst | 09/29/04
Ummm please read the ENTIRE Microsoft article,...  SysAn63 | 10/01/04
Thank-You For This Info  lbattis@... | 09/29/04
nice site, but nothing there that patches what i need  Monkey_MCSE | 09/29/04
I think the bigger problem is Microsofts lack of support prior to XP.  Stellardyne | 09/29/04
I can see the porn industry...  Saxonborg | 09/29/04
That was the first thing I thought about  kribor_z | 09/29/04
Just the Opposite...  tjleeland | 09/30/04
Nothing to worry about  astumpf | 09/29/04
The UFO...  TrustMe_z | 09/29/04
UFO inhabitant = Advanced being  SysAn63 | 10/01/04
It is remarkable  michael-t | 09/29/04
And they're not going to change it  Michael Kelly | 09/29/04
Yep...  BitTwiddler | 09/29/04
Microsoft care for customers?  mespoppa | 09/29/04
Good post  Martin Marvinski | 09/29/04
Another M$ monopoly  DarthRidiculous | 09/29/04
My PC is now banned from the internet  Ken_z | 09/29/04
Accounting software...  Stellardyne | 09/29/04
I'm slowly moving it  Ken_z | 09/29/04
Never happen  DarthRidiculous | 09/29/04
iMac arrived yeaterday  Ken_z | 09/29/04
Apples sure are pretty, but...  psterrett | 12/29/04
REAL antivirus software...  Brian | 09/29/04
real CLEVER Anti-Virus software  scott@... | 09/29/04
Can build a malicious JPEG, but can't code to kill cancer  FilledOut | 09/29/04
Ground Control to Major Tom  lbattis@... | 09/29/04
Am I safe?  trashgordon | 09/29/04
You are in the wrong place  NonZealot | 09/29/04
Brilliant comment !  George Jay | 09/29/04
So true and so sad  FilledOut | 09/29/04
You are in the ... right one....  michael-t | 09/29/04
This is a Technical Site  TrustMe_z | 09/29/04
A bit over the top  Cypher_z | 09/29/04
Nah, IBM would take it up  FilledOut | 09/30/04
The answer is...  Michael Kelly | 09/29/04
NO, you are not safe!  netace_z | 09/29/04
Probably not.  PA-ITGuy | 09/29/04
Interesting  rapson | 09/30/04
Would Like To Get Rid Of It  charliegirl | 09/29/04
Look around at other offerings  Ken_z | 09/29/04
There is a MS patch, for IE6  Cypher_z | 09/29/04
IE5 doesn't need the patch if service packs are installed.  ThinkAboutIt | 09/29/04
multiple partitions for enhanced security?  stan.hutchings | 09/29/04
Why don't you just use a separate computer?  limelight | 10/08/04
Triple booting is a piece of cake  psterrett | 12/29/04
Going to linux ?  jonas_atc | 09/29/04
Lots of information ...  George Mitchell | 09/30/04
Kanotix is the perfect choice for a novice.  psterrett | 12/29/04
Probably a virus or a trojan on MSN  cherry_lyptus | 09/29/04
the fix  smartypantz | 09/30/04
Doesnt This Exploit Violate Jpeg Patent  ParadigmOdyssey | 09/30/04
jpeg exploit  neill2002 | 09/30/04
SP-2  raphael357@... | 10/01/04
the sky is falling the sky is falling  neill2002 | 10/07/04

What do you think?

advertisement
Click Here
advertisement

White Papers, Webcasts, and Downloads

Meet Doc