Whoa, Email from work about VIRUS from JPEGs!!?

[J0hnny]

This is the email that I just got from the company tech people.

"On Tuesday 9/14, Microsoft advised Information Resources of critical vulnerabilities contained in their Internet Explorer web-browser software and several other Microsoft products in use at Con Edison. The vulnerabilities could allow a hacker to embed malicious software in JPEG image files. These image files typically contain pictures and/or other graphics and are widely distributed on the Internet. Please refrain from downloading any images (graphic files and pictures) from unknown sources on the Internet.

As a preliminary precaution Information Resources is now blocking all JPEG images contained in Internet emails from entering our network. Information Resources will also be upgrading PC and server software to protect the Company from these vulnerabilities. The software upgrade will be electronically downloaded to your PC and is scheduled to begin Friday 9/17 at 2pm.

In order to correctly install the upgrade, your PC will be automatically rebooted after the download. Please do not interrupt the software download while it is executing. You will be able to continue working on your PC until the reboot occurs. You will be alerted by a pop-up message when the download begins, is completed, and when the reboot is starting. "


Cliffnotes: We are now blocking all JPEG files in emails.

Is it possible for a virus to come in like this?

 

[xospec1alk]

yes.

http://news.com.com/Major+grap...6314.html?tag=nefd.top

 

[trilks]

Yep. Good ol' buffer overflow exploit, I believe.

 

[rbrandon]

yea theres a patch out for it on WIndows Update its the GDI Detection update, get em while theyre hot

 

[sciencewhiz]

http://www.dvhardware.net/article3114.html

 

[Kev]

wait, they can embed an actual program or is it just something that crashes the comp?

 

[CVSiN]

In short...
dont get your Pr0n from unknown sites =)

 

[Gurck]

Wait, so this affects any software that displays images, or only image displaying software coded by microshaft? If the latter, most of us use FireFox anyway

 

[Viper GTS]

Originally posted by: Kev
wait, they can embed an actual program or is it just something that crashes the comp?

It's code disguised as a jpg (header & extension).

It's not truly an image carrying a virus, but a virus disguised to look like an image & then taking advantage of a flaw in windows' image handling.

Viper GTS

 

[Nitemare]

Originally posted by: CVSiN
In short...
dont get your Pr0n from unknown sites =)

Maybe he can ask his work to set up a trusted pr0n server so this want happen.

 

[Shawn]

yep, M$ just put a patch or something out.

 

[jjones]

Originally posted by: Gurck
Wait, so this affects any software that displays images, or only image displaying software coded by microshaft? If the latter, most of us use FireFox anyway

From Microsoft

Affected Software:

Windows XP
Windows XP Service Pack 1 (SP1)
Windows Server 2003
Internet Explorer 6 SP1
Office XP SP3
Note Office XP SP3 includes Word 2002, Excel 2002, Outlook 2002, PowerPoint 2002, FrontPage 2002, and Publisher 2002.
Office 2003
Note Office 2003 includes Word 2003, Excel 2003, Outlook 2003, PowerPoint 2003, FrontPage 2003, Publisher 2003, InfoPath 2003, and OneNote 2003.
Digital Image Pro 7.0
Digital Image Pro 9
Digital Image Suite 9
Greetings 2002
Picture It! 2002 (all versions)
Picture It! 7.0 (all versions)
Picture It! 9 (all versions, including Picture It! Library)
Producer for PowerPoint (all versions)
Project 2002 SP1 (all versions)
Project 2003 (all versions)
Visio 2002 SP2 (all versions)
Visio 2003 (all versions)
Visual Studio .NET 2002
Note Visual Studio .NET 2002 includes Visual Basic .NET Standard 2002, Visual C# .NET Standard 2002, and Visual C++ .NET Standard 2002.
Visual Studio .NET 2003
Note Visual Studio .NET 2003 includes Visual Basic .NET Standard 2003, Visual C# .NET Standard 2003, Visual C++ .NET Standard 2003, and Visual J# .NET Standard 2003.
.NET Framework 1.0 SP2
.NET Framework 1.0 SDK SP2
.NET Framework 1.1
Platform SDK Redistributable: GDI+


Link to security bulletin

 

[J0hnny]

Originally posted by: CVSiN
In short...
dont get your Pr0n from unknown sites =)

WHoa, I better start using firefox for pr0n surfing at work now.

 

[Schadenfroh]

Originally posted by: J0hnny

Originally posted by: CVSiN
In short...
dont get your Pr0n from unknown sites =)

WHoa, I better start using firefox for pr0n surfing at work now.

any openings at your place of employment?

 

[PanzerIV]

It never ceases to amaze me the amount of effort some losers put into damaging or invading perfect strangers computers. These people are the poster children for social misfits.

 

[Kev]

Originally posted by: Viper GTS

Originally posted by: Kev
wait, they can embed an actual program or is it just something that crashes the comp?

It's code disguised as a jpg (header & extension).

It's not truly an image carrying a virus, but a virus disguised to look like an image & then taking advantage of a flaw in windows' image handling.

Viper GTS

wow, how retarded could ms be for something like this to happen

 

[DrPizza]

Originally posted by: Schadenfroh

Originally posted by: J0hnny

Originally posted by: CVSiN
In short...
dont get your Pr0n from unknown sites =)

WHoa, I better start using firefox for pr0n surfing at work now.

any openings at your place of employment?

There will be soon!

Originally posted by: Kev

Originally posted by: Viper GTS

Originally posted by: Kev
wait, they can embed an actual program or is it just something that crashes the comp?

It's code disguised as a jpg (header & extension).

It's not truly an image carrying a virus, but a virus disguised to look like an image & then taking advantage of a flaw in windows' image handling.

Viper GTS

wow, how retarded could ms be for something like this to happen

I completely agree... I was going to post "no" to the OP's question... I find it amazing that this can happen. What kind of idiots wouldn't think of this at MS? This shouldn't need a patch, this shouldn't have happened in the first place!

 

[MrPShah]

Originally posted by: Gurck
Wait, so this affects any software that displays images, or only image displaying software coded by microshaft? If the latter, most of us use Firefox anyway

Except while at work...(sigh)

 

[Mooncalf]

If this only affects people either without SP2 or with SP2 with Office then why is WU giving it to me to install?

I have SP2 and don't have Office but it is listed as a critical update for me through WU. Am I supposed to install it or not?

 

[SagaLore]

JPEG Vulnerability

This thread should really be stickied.

This has huge repercussions.

 

[Batti]

Mooncalf, I believe it'll still bring the GDI detection tool down, even though you may have nothing to patch.

 

[DanTMWTMP]

people usually use these embedded stuff to keylog your passwords and such.


If you've been around in the mmorpg scene, these embedded keyloggers in images is a huge huge huge problem, and has been around for awhile. Many people's accounts have been hacked due to this.

 

[InlineFive]

Originally posted by: rbrandon
yea theres a patch out for it on WIndows Update its the GDI Detection update, get em while theyre hot

There is another one called SP2. At least this time it's fixed when it came out.

 

[Mooncalf]

Originally posted by: Batti
Mooncalf, I believe it'll still bring the GDI detection tool down, even though you may have nothing to patch.

So even though WU lists it for it shouldn't be so I don't need to install it right?

Is it listed for everyone else here that already has SP2 and not any of the programs it mentions might have this flaw? I'm just wondering if it is something that I should download from WU anyway.