Re: JPEG Virus Now in the Wild
From: Charles Otstot (saries_at_notmyreal.address.com)
Date: 09/30/04
Date: Thu, 30 Sep 2004 08:52:43 -0400
"Tom Pepper Willett" <tompepper@mvps.org> wrote in message
news:uQ1diVVpEHA.2864@TK2MSFTNGP12.phx.gbl...
> I just received this on my IMAIL List....
>
> Tom Pepper Willett
> Microsoft MVP - FrontPage
> --------------
>
> For the first time ever, a JPEG virus is now in the wild. This is the
> problem that everyone had been dreading for years. It is now possible for
> a machine that is behind an extremely secure firewall to receive a virus
> simply by going to a website (even some legitimate websites, such as eBay),
> or previewing an E-mail.
>
> http://www.easynews.com/virus.txt has details on the virus that was just
> released.
>
> Now is the time to patch every computer that you can (if possible -- some
> programs with the GDIPlus.dll vulnerability are from companies that are now
> out of business).
> http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx is one
> place to start.
>
The "report" from easynews isn't entirely accurate. Their reported "virus"
really isn't. It has no replication mechanism and can only "infect" the
system used to run the exploit code.
It was simply acting as a dropper for using the GDI exploit to set up IRC
FTP servers (along with the requisite remote control application...RAdmin in
this case). It basically entailed the FXP script kiddies bolting the exploit
onto existing toolsets to open a new vector so that they can run their IRC
servers and play with new toys.
This isn't meant to minimize the vulnerability or the need to patch. I
simply wanted to clarify the info posted by easynews so that this particular
report doesn't get overhyped.
Charlie
>
>