JPEG exploit could beat antivirus software | Tech News on ZDNet

On TechRepublic: 19 words you don't want in your resume

BNET Business Network:: BNET; TechRepublic; ZDNet

TalkBack

By Dan Ilett, News.com
Posted on ZDNet News: Sep 29, 2004 2:48:00 PM

Antivirus software could be ill-prepared to protect corporate networks from the latest Windows vulnerability--innocent-looking JPEG files that contain security attacks.

According to Mikko Hypponen, director of antivirus research for F-Secure, antivirus software will strain to find JPEG malware, because by default, it only searches for .exe files.

"Normal antivirus software, by default, will not detect JPEGs," Hypponen said. "You can set your antivirus scanner to look for JPEG, but the trouble is that you can change the file extension on a JPEG to so many things."

There are about 11 file name extensions to which JPEGs can be changed, including .icon or .jpg2. Hypponen said this would make finding malicious JPEGs even more difficult; searching could take up a significant amount of valuable processor power.

Internet Explorer processes JPEGs before it caches them. That could also mean that desktops may become infected before antivirus software has a chance to work.

"This means that it is not enough to scan at the desktop," Hypponen said. "You have to scan at the gateway, but this will put a huge load on your bandwidth."

Hypponen said he expected a virus attack using the exploit to occur soon: "There has been so much interest in this vulnerability that someone is bound to do this. But saying that, there was a similar vulnerability found two months ago in bitmaps, and no one has exploited that yet."

Word of code that exploits the way Microsoft Windows processes JPEGs was posted in recent days to the Internet newsgroup EasyNews. Hypponen wrote on the F-Secure Web log that the exploit was not a virus because it had no way of spreading. In order for the code to infect a machine, a user must download the image it purports to be and view it in Windows Explorer.

On Tuesday, Microsoft hit back at critics over its handling of the vulnerability.

"Microsoft does not consider this a high risk to customers, given the amount of user action required to execute the attack, and is not currently aware of any significant customer impact," the company said in a statement. "We will continue to investigate the situation and provide customers with additional resources and guidance, as necessary."

Dan Ilett of ZDNet UK reported from London. CNET News.com's Rob Lemos contributed to this report.

SponsoredWhite Papers, Webcasts, and Downloads

Talkback
Most Recent of 76 Talkback(s)

Thread View
Flat View

Apples sure are pretty, but...: I would love to own a MAC, but they just don't offer enough bang for the buck. Sure, if I had money to burn I'd buy a loaded G5 Power Mac tonight. However, I'm just not willing to buy a stripped down ... (Read the rest); Posted by: psterrett Posted on: 12/29/04 You are currently: Logged In | Log out

Microsoft does not consider this a high risk to customers wjw@... | 09/29/04

another question to ask MS... Monkey_MCSE | 09/29/04

I'm sure Argonnj | 09/29/04

According to the Office Update site... cglrcng@... | 09/29/04

re: Microsoft does not consider this a high risk to customers psychodave | 09/29/04

This is getting really blown out of proportion Michael Kelly | 09/29/04

small companies can not fork this kind of money out immediately though Monkey_MCSE | 09/29/04

Trust me, I'm well aware of that. Michael Kelly | 09/29/04

But aren't you just a *little* bit angry... Zogg | 09/29/04

Of course I am Michael Kelly | 09/29/04

But being angry is the first step... Zogg | 09/29/04

Who's angry? laredoflash@... | 09/29/04

Incorrect johnnylumber | 09/29/04

So in other words... Michael Kelly | 09/29/04

How will I deal with it? Simple laredoflash@... | 09/29/04

Combined Gateway Devices Mawdo | 09/30/04

Taking the Lord's name in vain netace_z | 09/29/04

Due to complaints... Michael Kelly | 09/29/04

Microsloth Is So Full Of Crap It's Not Funny itanalyst | 09/29/04

Linux Zealots CodeBubba | 09/29/04

Your full of crap. ThinkAboutIt | 09/29/04

Ok, So Is This Going To Change Microsloth's Support for IE Pre XP? NO! itanalyst | 09/29/04

Ummm please read the ENTIRE Microsoft article,... SysAn63 | 10/01/04

Thank-You For This Info lbattis@... | 09/29/04

nice site, but nothing there that patches what i need Monkey_MCSE | 09/29/04

I think the bigger problem is Microsofts lack of support prior to XP. Stellardyne | 09/29/04

I can see the porn industry... Saxonborg | 09/29/04

That was the first thing I thought about kribor_z | 09/29/04

Just the Opposite... tjleeland | 09/30/04

Nothing to worry about astumpf | 09/29/04

The UFO... TrustMe_z | 09/29/04

UFO inhabitant = Advanced being SysAn63 | 10/01/04

It is remarkable michael-t | 09/29/04

And they're not going to change it Michael Kelly | 09/29/04

Yep... BitTwiddler | 09/29/04

Microsoft care for customers? mespoppa | 09/29/04

Good post Martin Marvinski | 09/29/04

Another M$ monopoly Argonnj | 09/29/04

My PC is now banned from the internet Ken_z | 09/29/04

Accounting software... Stellardyne | 09/29/04

I'm slowly moving it Ken_z | 09/29/04

Never happen Argonnj | 09/29/04

iMac arrived yeaterday Ken_z | 09/29/04

Apples sure are pretty, but... psterrett | 12/29/04

REAL antivirus software... Brian | 09/29/04

real CLEVER Anti-Virus software scott@... | 09/29/04

Can build a malicious JPEG, but can't code to kill cancer FilledOut | 09/29/04

Ground Control to Major Tom lbattis@... | 09/29/04

Am I safe? GordonAyes | 09/29/04

You are in the wrong place NonZealot | 09/29/04

Brilliant comment ! George Jay | 09/29/04

So true and so sad FilledOut | 09/29/04

You are in the ... right one.... michael-t | 09/29/04

This is a Technical Site TrustMe_z | 09/29/04

A bit over the top Cypher_z | 09/29/04

Nah, IBM would take it up FilledOut | 09/30/04

The answer is... Michael Kelly | 09/29/04

NO, you are not safe! netace_z | 09/29/04

Probably not. PA-ITGuy | 09/29/04

Interesting rapson | 09/30/04

Would Like To Get Rid Of It charliegirl | 09/29/04

Look around at other offerings Ken_z | 09/29/04

There is a MS patch, for IE6 Cypher_z | 09/29/04

IE5 doesn't need the patch if service packs are installed. ThinkAboutIt | 09/29/04

multiple partitions for enhanced security? stan.hutchings | 09/29/04

Why don't you just use a separate computer? limelight | 10/08/04

Triple booting is a piece of cake psterrett | 12/29/04

Going to linux ? jonas_atc | 09/29/04

Lots of information ... George Mitchell | 09/30/04

Kanotix is the perfect choice for a novice. psterrett | 12/29/04

Probably a virus or a trojan on MSN cherry_lyptus | 09/29/04

the fix smartypantz | 09/30/04

Doesnt This Exploit Violate Jpeg Patent ParadigmOdyssey | 09/30/04

jpeg exploit neill2002 | 09/30/04

SP-2 raphael357@... | 10/01/04

the sky is falling the sky is falling neill2002 | 10/07/04

What do you think?

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SponsoredWhite Papers, Webcasts, and Downloads

The Green Enterprise

A look into the enterprise to explore eco-friendly practices and innovations. In this ZDNet video series learn about what's motivating green tech, and how green technologies are impacting IT. 0:42
Harnessing the power of waves 3:13
Planting solar gardens 5:06
Fill your car for $1.10 a gallon? 1:43
All series videos »

Click Here

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More