Scanner released to detect and repair MS04-028 infected JPEG files
From: Wayne - diamondcs.com.au (wayne_at_DIAMONDCS.COM.AU)
Date: Sat, 23 Oct 2004 01:48:05 +0800 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
A free scanner called JPEGScan has been released specifically to detect and repair JPEG image files infected with the MS04-028 vulnerability (and all known variations). Rather than employing anti-viral signature detection or string matching techniques, JPEGScan properly "walks" through each block in a JPEG file (as specified by the JPEG file structure) looking for infected areas which indicate the presence of MS04-028 infection. The Repair capability means that many infected JPEGs can become viewable if they were based on a real JPEG to begin with, or at the very least are rendered harmless. Available as both a classic Windows GUI application and a console application, Administrators in particular will find JPEGScan useful for sweeping their networks for infected images, but all users in general will find it a useful tool to add to their security arsenal.
Further information and the direct download (less than 30kbs) can be found at http://www.diamondcs.com.au/jpegscan/