Nasty Buggers - New Jpg Viruses starting


k - I know there are probably a few of you who this will really really concern (who like me are system administrators and what not) but this is something that all of you in this community should be aware of - especially as this will probably only get worse for a little while - my guess is look for a self-propagating variation within the next month or so. Basically this is a JPG exploit that downloads little nasties when you VIEW the image and it affects all Microsoft products and several products that interface with Microsoft products - i.e. if you use Windows any program you use might be affected - I have not verified which ones are safe yet - though I will be shortly :-P This exploit has been out for a month but someone finally has started using it to do nasty little things... you can find info here http://www.easynews.com/virus.html and here http://it.slashdot.org/it/04/09/27/2319222.shtml?tid=172&tid=218 and obviously if you use something other than Windows you don't have to worry about any of this :-P ... now tell me why I switched my laptop back to Windows?.... anyway eat it up folks...

http://isc.sans.org/gdiscan.php - use this to scan to see if you need to worry or not :-)

*chants* Use Mozilla Firefox! :D

I use Mozilla, would it still get on my comp?

Not the most recent update - they already fixed the problem; the 1.0 PR release has resolved the issue.

Thanks for the heads-up. =x Much appreciated!

I use Firefox, but I was wondering, did Service Pack 2 fix this problem? I use IE on rare occasions.

No - though MS did patch the base system .dll's - however many programs use their own variations of the .dll's to decode images - I scanned my system and found that .NET .dll's (MS hasn't patched them yet) were still vulnerable and Illustrator .dll's (Adobe) were as well - updates outside of the system dll's will have to be provided from the vendor. This is why this is really annoying - it'll take vendors months to fix this unless a major outbreak occurs - at which point it's too late - the major virus scanners will protect you (thus far) from getting an infection through IE - however I expect that if a script kiddy writes a really nasty one the infection time would be too fast - i.e. there would be too many infections before they managed to get a definition out and users to install it.

The reason this is so dangerous is it is a major exploit that does not require you to email or download anything - only view the JPG with a vulnerable program. At some point somebody is going to write it so that it replaces a JPG you already have - i.e. you view the file, it changes to a file you already have and continues on its merry infectious way as you share the JPG - if this is paired up with another exploit/spyware you have a backdoor to your system and boom, all the fun begins. (The variation I posted on does this in a clumsy manner - it dials home and downloads the rest of the virus/spyware.)

It's not just your internet browser you have to worry about. MS Office programs (Word, Outlook, Visio, Project, etc.), Macromedia products, wsftp, etc... any program that utilizes certain versions of gdiplus.dll, vgx.dll, mso.dll is a potential security hole for this kind of virus. Best thing to do is to run GDISCAN.exe to detect any vulnerabilities and attempt to find out if there are any patches to fix the problem. Office has one on office.microsoft.com that you can autoupdate with. Otherwise stop using the product affected until fixed.
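Added example, not part of the thread and not any poster's or vendor's code: a small inventory script for the point made in the posts above, that applications ship their own copies of gdiplus.dll, vgx.dll and mso.dll. It walks a directory tree, lists every copy and reads its file version so it can be compared against the vendor's bulletin. Locating the version by scanning for the `VS_FIXEDFILEINFO` signature is a heuristic assumed here, and the sample tree is constructed.

```python
import os
import struct
import tempfile

# DLL names taken from the post above; matching is case-insensitive.
TARGET_DLLS = {"gdiplus.dll", "vgx.dll", "mso.dll"}
# VS_FIXEDFILEINFO.dwSignature (0xFEEF04BD) as stored little-endian on disk.
FIXEDFILEINFO_SIG = struct.pack("<I", 0xFEEF04BD)

def file_version(path):
    """Return the file version as 'a.b.c.d', or None if no version block is found."""
    with open(path, "rb") as fh:
        data = fh.read()
    # Heuristic: take the first occurrence of the signature in the file.
    pos = data.find(FIXEDFILEINFO_SIG)
    # Need dwSignature, dwStrucVersion, dwFileVersionMS, dwFileVersionLS (16 bytes).
    if pos < 0 or pos + 16 > len(data):
        return None
    ms, ls = struct.unpack_from("<II", data, pos + 8)
    return "%d.%d.%d.%d" % (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)

def find_bundled_copies(root):
    """Walk root and return sorted (path, version) for every copy of a target DLL."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in TARGET_DLLS:
                full = os.path.join(dirpath, name)
                hits.append((full, file_version(full)))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample data: stub files carrying only a version structure."""
    def fake_dll(rel, ver):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        ms, ls = (ver[0] << 16) | ver[1], (ver[2] << 16) | ver[3]
        with open(path, "wb") as fh:
            fh.write(b"MZ" + b"\0" * 62 + FIXEDFILEINFO_SIG
                     + struct.pack("<III", 0x10000, ms, ls))
    fake_dll(os.path.join("system32", "gdiplus.dll"), (1, 2, 3, 4))
    fake_dll(os.path.join("VendorApp", "bin", "GdiPlus.dll"), (1, 0, 0, 9))
    with open(os.path.join(root, "VendorApp", "mso.dll"), "wb") as fh:
        fh.write(b"no version resource here")  # copy with unreadable version

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, ver in find_bundled_copies(tmp):
            print(ver or "unknown", os.path.relpath(path, tmp))
```

A copy reported as `unknown` still counts as a copy to check with its vendor; the script only inventories files and does not decide which versions are fixed.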

and it affects all Microsoft products

... not all MS products .. <grin>
http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

Not affected ... : Microsoft Windows XP Service Pack 2
there is the excuse to finally install it ... :)

As said, major AV vendors detect it, so if there is still some retard NOT running an AV ... DOOM on you ....

God, I'm getting annoyed, patching has become a daytime job ...
sniff ... 18 bloody Windows servers ... and my only Novell has an uptime of 2 years now ....
(vacuum cleaner UPS incident ... else I'd have 4 years uptime on that box)

Quote by ObsidianJoy: I use Mozilla, would it still get on my comp?

No one has answered his/her question yet... and I would like to know too.

Trying real hard to avoid Service Pack 2 =\

Umm, it is fixed in the base .dll's of Service Pack 2 but the problem is that several major programs use their own variations of those same dll's so until those vendors put out an update you are still vulnerable - yes, last I checked Mozilla was safe. :-)

So this virus . . . is in pictures . . . I didn't get the article . . .
