Hi Folks,

I pass on this worrying news item.

Regards,
Brenda Marks, Skyscan

JPEG exploit goes wild [PC Pro] 11:57
Barely a fortnight following Microsoft's monthly security bulletin highlighting a vulnerability in the way its software handles images using the JPEG format, code to take advantage of the vulnerability has been found on images circulated in the EasyNews Usenet group.

The company says it has found two images containing the code, which - if viewed - would result in software being downloaded that would give a remote attacker access to files on the machine storing the images, as well as free rein to run code on it.

In a posting on the company's site, John Bissell writes: 'Through my limited testing I have found on an unpatched XP SP1 system that if you click the exploit jpeg file in Windows Explorer then you will be hacked.'

The messages state that at one point 93 users were logged on to the IP address from which the exploit was downloading nearly 2MB of Trojan and other malicious software. However, a 'quick and nasty' PERL script has been put in place to make sure no such images infiltrate the network again.

The company has also not been able to find any code within the images that would allow it to self-propagate, so in this instance, it isn't classed as a worm.

Code that was able to take advantage of the JPEG bug began circulating on the Internet about a week ago. As is common with much of the malicious software written to attack Microsoft vulnerabilities, this particular exploit appeared after Microsoft had issued a patch. Hackers often reverse engineer Microsoft's patches in order to create code to exploit the hole that the patch fixed.

However, the time between releasing a patch and the appearance of malicious code to exploit the identified vulnerability grows ever shorter. Security experts' greatest fear is a 'zero-day' exploit, where hackers launch exploit code less than a day after Microsoft issues a patch, so that no-one has time to update their systems.
