> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Bart > Silverstrim > Sent: Thursday, September 30, 2004 7:50 AM > > > On Sep 30, 2004, at 3:26 AM, Damian Menscher wrote: > > > On Wed, 29 Sep 2004 [EMAIL PROTECTED] wrote: > >> ... It's interesting that viruses are finally starting to implement > >> what > >> we were joking about in 1995 at high school... > > > > I'm impressed with how far we've come. Less than a year ago, I could > > most email viruses with simple procmail scripts. Now even antivirus > > products are having difficulty keeping up with the threats. > > But for the jpeg threat, as I understand it, patching systems *should* > fix this so even if a "virus" does get loose on your system (jpeg > virus), it shouldn't have an effect. The problem is with the way it's > interpreted by some libraries in Windows. Slightly different than > running an executable (who would have thought a few years ago that > spreading a virus would be as simple as an anonymous email with a .exe > attached saying, "This is neat, UsEr! Run this program!"...AND THEY > DO!?? AARGH!).
That's what happen to us for trying to make everythin soooo easy =) > Once all bazillion Windows machines are patched by all the users on the > planet who know more about their computer than where the on/off switch > is, this "jpeg virus" threat will be a minor footnote in computer > history. > That's not going to happen. I still get Blaster attempts on my network =@ > You do realize, of course, in several years there's a distinct > possibility that this will turn into a "minefield" with otherwise > harmless jpegs (to some platforms) winding up on web pages for viewing. > Some people patch, some don't, eventually...*foom*...infected on those > systems the user never patched. This will be happening five years from > now. Not counting that this is a real virus. A piece of code that could potencially insert itself into a legitimte code/data. There could be one JPEG that infects all other JPEGs! This could be really be a threat on a unprotected WebServer. Imagine a user uploading an image, then the admin just browsing the folder (with thumbnails or something) and BLUM! All the images on the webserver are infected! > The only way to really "fix" it is to either A) fix the libraries with > the problem or B) create a screen program that processes EVERY jpg, > resaving them in a "stripped" form so the executable code won't exist > in the new copy, and forward it or present it to the user...this would > have to be done like some kind of web browser plugin or something of > that nature. I think that you can't assume A), so you have to do B). > At least, those are two ideas I see as possible. The second one would > be a real PITA, though. Both require users to update their systems or > antivirus programs or spyware programs...<GOOD LUCK>. Here's another > thing...what's with spyware and viruses mixing now? Five years ago > viruses were viruses, slimy company advertising was slimy company > advertising. Now, my Windows antivirus is picking up "trojan" adware > and viruses and my spybot is searching for Bagle?!? This is getting > bloody crazy. Now that virus vectors are coming through email rather > than just sharing programs, and are increasingly shifting towards > infection via web browsing, how long before Clam will need to be run > with some sort of web proxy plugin via Squid?? But now I'm just > ranting... > As I remember... there IS a plugin for using Clam on Squid =P This world is not getting any easier... but if it were we would be unemployed =). Regards, -Samuel _______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
