Re: for those that think jpgs are "safe"

From: Colonel Flagg (colonel_flagg_at_NOSOUPFORJ00internetwarzone.org)
Date: 11/13/03


Date: Wed, 12 Nov 2003 22:59:18 -0500

In article <Xns9431778ED3D5dkgctc@130.133.1.4>,
dontknowguilt@hotmail.com says...

>
> You're not claiming that the rendering of a file with a JPEG extension
> as HTML is a security vulnerability. You're simply claiming that it's
> a means of tricking a user to going to a site that they normally
> wouldn't go to. Correct? If so, then we're in agreement (except for
> the fact that you seem to think this vulnerability is limited to IE).
>

my original post stated, if you think jpgs are safe, open this in IE...

i said nothing pointing to IE as the cause, or that jpegs, as they're
supposed to be, an image, aren't safe... my point is (i guess i'll need
to spell it out): opening a .jpg should no longer be considered safe. it
has nothing to do with REAL jpegs, it has nothing to do with images in
general. it has EVERYTHING to do with the FACT that in *some* browser,
jpg's _can_ be mishandled.

this directly relates to a previous thread where folks stated that jpegs
could do no harm. fine. a REAL jpeg won't do any harm..... guns don't
kill, people kill. yet, if you're frightened of a gun, you won't run
right out and buy one, correct? that being said, will you open _all_
.jpg files from this point forward? if you do, do you consider yourself
100%, completely safe? as safe as opening a .txt file? do you still
consider yourself as _safe_ as you were prior to learning about
malformed headers in a jpg file, allowing the jpg to be rendered as html
or javascript or VB?

someone stated earlier in this thread and I forgot to reply, something
about Visual Basic, they basically shrugged it off as a "nuisance". For
those that don't know it, MOST modern viruses are written in VB. VB
*should not* be shrugged off.

this all stems from years and years of hearing about how "opening a jpg
won't hurt anything"... i knew, as did many others, it would only be "so
long" before opening jpgs wasn't to be considered safe.

since all you folks know is reading from nai, norton, etc...

This shows W32/Perrun-A, which isn't an infected .jpg, it's a
modification to file associations, when clicking on a .jpg file, another
.exe (infected) is loaded. Therefore, clicking on .jpg's isn't safe in
this situation:
http://www.sophos.com/virusinfo/analyses/w32perruna.html

This shows W32/Perrun, which is an infected .jpg or .txt, when certain
circumstances exist, the file further infects the system through a .dll
http://securityresponse.symantec.com/avcenter/venc/data/w32.perrun.html

"proof of concept" example of W32/Perrun:
http://vil.nai.com/vil/content/v_99522.htm

more "proof of concept":
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=99522

the above is an example of a "low risk" jpeg infector, however, it is a
proof of concept. what's next?

i've found an example of a .jpg being turned into an executable.... i
can't confirm the existence or how it works (yet), i have sent an email
to the author and hopefully i'll find more out about it soon. if i do,
you'll be the first to know :-)

 

-- 
Colonel Flagg
http://www.internetwarzone.org/
Privacy at a click:
http://www.cotse.net 
Q: How many Bill Gates does it take to change a lightbulb?
A: None, he just defines Darkness™ as the new industry standard..."
"...I see stupid people."

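The mismatch the post describes, a file named .jpg whose bytes are not JPEG data, can be caught by checking content instead of trusting the name. This is an added example, not part of the original post; the function names, the 256-byte inspection window and the sample inputs are assumptions constructed for illustration.

```python
import os

JPEG_SOI = b"\xff\xd8\xff"   # JPEG Start Of Image marker plus first marker byte
HTML_TOKENS = (b"<!doctype", b"<html", b"<head", b"<body", b"<script", b"<iframe")
SNIFF_WINDOW = 256           # assumption: number of leading bytes to inspect

def sniff_content(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    head = data[:SNIFF_WINDOW]
    if head.startswith(JPEG_SOI):
        return "jpeg"
    if head.startswith(b"MZ"):            # DOS/PE executable header
        return "executable"
    lowered = head.lower()
    if any(tok in lowered for tok in HTML_TOKENS):
        return "html"
    return "unknown"

def check_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (ok, reason); ok is True only when a .jpg/.jpeg name holds JPEG data."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in (".jpg", ".jpeg"):
        return False, f"not a jpg name ({ext or 'no extension'})"
    kind = sniff_content(data)
    if kind != "jpeg":
        return False, f"extension says JPEG, content looks like {kind}"
    return True, "extension and content agree"

# Constructed sample inputs (not real files).
SAMPLES = {
    "holiday.jpg": JPEG_SOI + b"\xe0\x00\x10JFIF\x00" + b"\x00" * 16,
    "funny.jpg": b"\r\n<HTML><BODY><SCRIPT>/* constructed */</SCRIPT></BODY></HTML>",
    "photo.jpg": b"MZ\x90\x00" + b"\x00" * 32,
    "notes.jpg": b"just some text",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, check_upload(name, blob))
```

A mail gateway or upload handler can run a check like this before a file is ever handed to a browser or to whatever program the .jpg association points at.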
