Peep Show Run Amok
Malicious hackers recently began seeding Internet newsgroups that traffic in pornography with JPEG images that exploit a security hole in Microsoft's software. Users who unwittingly downloaded the booby-trapped images could have had remote-control software installed on their computers, giving remote attackers total control over the machines.
Microsoft, which deemed the flaw "critical," identified and patched the hole on September 14, but PC users who have not yet downloaded or installed the patch remain vulnerable.
Like other exploits that have appeared in the weeks since Microsoft released its patch, the so-called JPEG of Death is a JPEG file crafted to trigger a buffer overflow in the JPEG decoder of GDI+, a graphics component shared by Windows, Internet Explorer, Outlook, and many other Windows applications. When a vulnerable application renders the image, the exploit tries to install a copy of Radmin, a legitimate program that lets users control their own computers remotely. In this case, however, the program was used by a remote attacker to control the victim's PC.
The booby-trapped JPEGs, pornographic or otherwise, cannot be told from ordinary images by looking at them. Most of the exploits work only on Windows XP, and some of their features do not work on every XP machine.
Most major antivirus programs now detect the malformed JPEGs. Installing the Windows patch, with up-to-date antivirus software as a second layer, is the best protection against attacks on the GDI+ vulnerability.
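The structural check that an antivirus engine or mail gateway applies to a JPEG is straightforward to sketch. The Python below is an added example written for this page; it is not Microsoft's decoder and not any vendor's scanner. A JPEG is a sequence of marker segments, and for most markers the two bytes after the marker code give a length that, by the JPEG standard, counts the two length bytes themselves. A length below 2 is therefore invalid in every well-formed file, and a decoder that computes the payload size as length minus 2 in unsigned arithmetic without checking gets an enormous number and reads or copies far past the segment. The scanner flags that case along with the truncations a decoder must survive. The sample files, the marker choices, the offsets and the message texts are the example's own constructions; the samples contain no image data and no exploit payload.

```python
"""Structural scanner for JPEG marker segments (added example, not the
article's code, Microsoft's decoder or any vendor's scanner).

A JPEG is a sequence of marker segments: 0xFF, a marker code, and for most
markers a 16-bit big-endian length that counts the two length bytes
themselves. A length below 2 is invalid in any well-formed file; a decoder
that computes `length - 2` in unsigned arithmetic without checking gets an
enormous payload size. Sample files below are constructed; they hold no
real image data and no payload.
"""
import struct

SOI, EOI, SOS, COM, APP0 = 0xD8, 0xD9, 0xDA, 0xFE, 0xE0
# Markers that carry no length field: TEM, SOI, EOI and RST0-RST7.
STANDALONE = {0x01, SOI, EOI} | set(range(0xD0, 0xD8))


def unchecked_payload_len(length: int, bits: int = 32) -> int:
    """What a decoder gets from `length - 2` in unsigned arithmetic of the
    given width when it never checks that length >= 2 (illustration of the
    arithmetic, not a claim about any particular decoder's code)."""
    return (length - 2) & ((1 << bits) - 1)


def scan_jpeg(data: bytes) -> list:
    """Return a list of problem descriptions; an empty list means the marker
    structure is sane (it says nothing about the image content)."""
    problems = []
    if len(data) < 4 or data[:2] != b"\xff\xd8":
        return ["missing SOI marker"]
    pos = 2
    while pos < len(data):
        start = pos
        while pos < len(data) and data[pos] == 0xFF:  # 0xFF fill bytes are legal
            pos += 1
        if pos == start:
            problems.append(f"expected marker at offset {start}, got 0x{data[start]:02x}")
            break
        if pos >= len(data):
            problems.append("file ends inside a marker")
            break
        marker = data[pos]
        pos += 1
        if marker == EOI:
            return problems
        if marker == 0x00:
            problems.append(f"stuffed 0xFF00 outside scan data at offset {start}")
            break
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            problems.append(f"marker 0x{marker:02x} truncated before its length field")
            break
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2:
            # The dangerous case: the declared length cannot even cover the
            # length field, so length - 2 underflows in unsigned arithmetic.
            problems.append(f"marker 0x{marker:02x} at offset {start} declares length {length} (< 2)")
            break
        if pos + length > len(data):
            problems.append(f"marker 0x{marker:02x} length {length} runs past end of file")
            break
        pos += length
        if marker == SOS:
            # Entropy-coded data follows until the next marker that is neither
            # byte stuffing (0xFF00) nor a restart marker (0xFFD0-0xFFD7).
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
            else:
                problems.append("no marker after scan data")
                break
    else:
        problems.append("missing EOI marker")
    return problems


def segment(marker: int, payload: bytes) -> bytes:
    """Build one marker segment with a correct length field."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed samples: a structurally valid skeleton (no real pixel data) and
# the same skeleton with a comment segment whose length field is zero.
JFIF_HDR = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
GOOD = (b"\xff\xd8" + segment(APP0, JFIF_HDR) + segment(COM, b"benign comment")
        + segment(SOS, b"\x01\x01\x00\x00\x3f\x00")
        + b"\x12\x34\xff\x00\x56"        # scan data containing a stuffed 0xFF
        + b"\xff\xd9")
BAD = b"\xff\xd8" + segment(APP0, JFIF_HDR) + b"\xff\xfe\x00\x00" + b"\xff\xd9"
TRUNCATED = GOOD[:30]                    # cut inside the comment payload

if __name__ == "__main__":
    for name, blob in (("GOOD", GOOD), ("BAD", BAD), ("TRUNCATED", TRUNCATED)):
        print(name, scan_jpeg(blob) or "ok")
    print("unchecked payload length for a declared length of 0:", unchecked_payload_len(0))
```

Run the file on a directory of downloaded images (`scan_jpeg(open(path, "rb").read())`) to get the same verdict a gateway filter gives: a non-empty list means the file cannot be a well-formed JPEG and should never reach a decoder. The scanner is deliberately strict and stops at the first fault, because a file that fails structure this early has no legitimate reason to exist.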
Experts say the attack images in question cannot spread on their own and are not, technically, viruses. However, the exploit code could easily be modified to download a virus engine with e-mail capability that would spread whenever an image is opened.
As with Sasser and other recent worms that targeted common Windows components, security experts worry that the GDI+ vulnerability could spawn another major worm outbreak. The flaw is remotely exploitable and reachable through a long list of popular Windows applications. What's more, applications frequently ship their own copies of GDI+ (gdiplus.dll). Those copies may sit in the application's own folders, out of reach of the Windows patch, or may be installed after the Microsoft patch was applied, reintroducing the vulnerable code for every program that loads that copy.
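The check a practitioner wants after reading that is an inventory of every private copy of the library on a machine, compared against the copy the OS update installed. The Python below is an added example written for this page, not a Microsoft tool: it walks a directory tree for files named gdiplus.dll (matched case-insensitively, as Windows matches file names), hashes each one, and reports those that are not byte-identical to a reference copy. The root to walk and the path of the reference copy are parameters rather than fixed paths, because where the patched copy lives differs by Windows version. A copy that differs from the reference may be an older, still-vulnerable build or simply a different one, so the file version should be confirmed before a copy is replaced. The demo tree the block builds is constructed for the example.

```python
"""Find private copies of a shared DLL that applications carry in their own
folders and compare each against the reference build the OS update installed
(added example for this page, not a Microsoft tool). GDI+ ships as
gdiplus.dll; the root to walk and the reference path are parameters because
the location of the patched copy differs by Windows version. A copy that is
not byte-identical to the reference is reported for review; check its file
version before replacing it.
"""
import hashlib
import os
import sys
import tempfile


def sha256_of(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_private_copies(root: str, dll_name: str, reference: str) -> list:
    """Walk `root` for files named `dll_name` (compared case-insensitively,
    as Windows does) and return (path, sha256, same_as_reference) tuples
    sorted by path. The reference file itself is skipped if it is under root."""
    ref_hash = sha256_of(reference)
    ref_real = os.path.realpath(reference)
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            if name.lower() != dll_name.lower():
                continue
            path = os.path.join(dirpath, name)
            if os.path.realpath(path) == ref_real:
                continue
            digest = sha256_of(path)
            findings.append((path, digest, digest == ref_hash))
    return sorted(findings)


def differing_copies(findings: list) -> list:
    """Paths of copies whose bytes do not match the reference build."""
    return [path for path, _digest, same in findings if not same]


def build_demo_tree() -> dict:
    """Constructed sample: a patched reference copy, an application that
    bundles the same build, one that bundles a different (older) build under
    a differently-cased name, and an unrelated file. Contents are placeholders."""
    base = tempfile.mkdtemp(prefix="gdiplus-demo-")
    files = {
        "reference": (os.path.join(base, "Windows", "System32", "gdiplus.dll"), b"patched build"),
        "same": (os.path.join(base, "Program Files", "AppOne", "gdiplus.dll"), b"patched build"),
        "old": (os.path.join(base, "Program Files", "AppTwo", "GDIPlus.DLL"), b"old build"),
        "other": (os.path.join(base, "Program Files", "AppTwo", "readme.txt"), b"not a dll"),
    }
    for path, content in files.values():
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(content)
    return {"root": base, **{key: path for key, (path, _content) in files.items()}}


if __name__ == "__main__":
    # Usage: python find_dll_copies.py <root> <reference-dll> [dll-name]
    # With no arguments the constructed demo tree is scanned instead.
    if len(sys.argv) >= 3:
        root, ref = sys.argv[1], sys.argv[2]
        name = sys.argv[3] if len(sys.argv) > 3 else os.path.basename(ref)
    else:
        demo = build_demo_tree()
        root, ref, name = demo["root"], demo["reference"], "gdiplus.dll"
    for path, digest, same in find_private_copies(root, name, ref):
        print("same-as-reference" if same else "DIFFERS          ", digest[:16], path)
```

Hashing rather than trusting the name is the point: a bundled copy keeps the name of the system library whatever build it is, and only its contents tell you whether the fix is in it. On a real machine run it against each drive root with the patched copy as the reference, then check the version of every copy reported as differing.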