Omfg A Jpeg Virus


ntg85
10-12-2004, 08:45 PM
sourcecode example: <Link removed by moderator>

Article:
http://news.com.com/Security+researchers+say+JPEG+virus+imminent/2100-7349_3-5387380.html

"The posting of the code hidden in a JPEG graphic is the latest in a series of events that security experts have widely predicted: A serious flaw in the widespread Microsoft Windows operating system and software was found; code that showed how to take advantage of the flaw has been published; and a tool to automatically create malicious JPEG images is continually being refined, Friedrichs said."

Well, then....

Now, I ain't no programmer, but seems to me you f'd up pretty big if your OS can get a virus from JPEGs.

mmills
10-12-2004, 09:37 PM
I am seriously surprised that no one has done this before. First shot, go to http://sourceforge.net and look up in the search. There is a program there that allows you to embed an exe in a bitmap, now yes it's a bitmap, but it is an image...yes?
Second shot, go to Paint in Accessories in Windows and change the file format to say a gif or JPG, and boom.

Now you have a VIRUS in a picture.

I thought about it 6 or 7 months ago, but I'm not that evil....

JThundley
10-12-2004, 09:50 PM
Saying stuff like that just makes you sound arrogant. Did you forget about the gtk and qt flaws of the same nature?

Originally posted by ntg85
sourcecode example: <Link removed by moderator>

Article:
http://news.com.com/Security+researchers+say+JPEG+virus+imminent/2100-7349_3-5387380.html

"The posting of the code hidden in a JPEG graphic is the latest in a series of events that security experts have widely predicted: A serious flaw in the widespread Microsoft Windows operating system and software was found; code that showed how to take advantage of the flaw has been published; and a tool to automatically create malicious JPEG images is continually being refined, Friedrichs said."

Well, then....

Now, I ain't no programmer, but seems to me you f'd up pretty big if your OS can get a virus from JPEGs.

knute
10-12-2004, 09:57 PM
And this is new how?

I've taken tech calls in the past (7 or 8 years ago) where an entire drive was erased with the exception of the dirty picture and just enough software to view it. Nothing else.
It was called skirt_jpg.exe if I recall correctly.

bwkaz
10-12-2004, 10:25 PM
Yadda yadda yadda, the GDI+ JPEG-of-doom hole, yeah, yeah, ancient news. :p

Ancient, of course, unless you haven't applied .Net Framework 1.1 SP1, or you haven't been to Office Update to fix your copy of Office (LookOut is the specific application here, though Word/Excel are almost assuredly also exploitable), or you haven't run any of the hundreds of GDI+ scanners that have been made available (most are free, esp. the one at incidents.org, but beware: the one on Windows Update doesn't seem to always catch everything; there are reports of it not catching some MS Works versions' gdiplus.dll), or you haven't gotten updates from your other-software vendor.

It's been a full month since MS04-028 has been released, after all. incidents.org on Sep. 17 predicted a full-blown exploit before the end of September (http://isc.sans.org//diary.php?date=2004-09-17), and they got it on the 28th in the form of AIM profiles with infected JPEG images (they found an exploit toolkit earlier, which didn't work all that well at the time, but obviously got better).

janet loves bill
10-12-2004, 10:50 PM
Originally posted by knute
And this is new how?

I've taken tech calls in the past (7 or 8 years ago) where an entire drive was erased with the exception of the dirty picture and just enough software to view it. Nothing else.
It was called skirt_jpg.exe if I recall correctly.

did you even read the article, knute??

we are not talking about .exe, the article said images ending with
the extension .jpg...............Duh

EnigmaOne
10-12-2004, 11:32 PM
...and this is very old news that we knew about even before the date of publication (by about a month or so):
Published: September 28, 2004, 1:02 PM PDT

It certainly doesn't merit the implied surprise over it.

Icarus
10-12-2004, 11:36 PM
Originally posted by janet loves bill
we are not talking about .exe, the article said images ending with
the extension .jpg

Just to add, it's not just a .jpg extension...it is an image. You can open it in a browser or image editor and you would not know it executed additional code

This is a good MS quote from the article...

"Microsoft does not consider this a high risk to customers given the amount of user action required to execute the attack and is not currently aware of any significant customer impact," the software giant said in a statement. "We will continue to investigate the situation and provide customers with additional resources and guidance as necessary."

Basically they are going to ignore it until people start complaining...you know, you don't want to get your users in a panic over something :rolleyes:

Maybe because of the last bit...
Windows XP Service Pack 2, which is still being distributed to many customers' computers, is not vulnerable to the flaw.

Install/use Linux/SP2 and it won't affect you :D

knute
10-12-2004, 11:47 PM
I wonder, does M$ write these bugs into their code intentionally?

I mean, how many bugs and exploits can it possibly have anyway, unless they keep introducing new ones!?!

Reminds me of the auto mechanic that you take a car to for an oil change, then suddenly, a few days after taking it to him, you start developing a leak in the brakes, then it overheats, etc..., etc....

infiniphunk
10-12-2004, 11:59 PM
I mean, how many bugs and exploits can it possibly have anyway, unless they keep introducing new ones!?!

I'm glad I'm not the only conspiracy theorist on the block

:D

So code can be embedded into media that will be executed by the application that runs it? I wonder if this can also be done with MP3's MPEG's ...etc.

knute
10-13-2004, 12:07 AM
Originally posted by infiniphunk
I'm glad I'm not the only conspiracy theorist on the block

:D

So code can be embedded into media that will be executed by the application that runs it? I wonder if this can also be done with MP3's MPEG's ...etc.

There was a movie about that specific thing. An intelligent virus was embedded into an mp3 that this kid put on his dad's computer at work. Can't remember the name of the movie, but Dad was a software designer and owner of a major corporation.

Marina Sirtis (Counsellor Troy from Star Trek TNG) was mom, if that helps. :D

cybertron
10-13-2004, 01:00 AM
Originally posted by infiniphunk
So code can be embedded into media that will be executed by the application that runs it? I wonder if this can also be done with MP3's MPEG's ...etc.

I seem to recall reading that there was a hole in iTunes or something that allowed you to do this on Macs. I don't know whether it affected other OS's or even was in iTunes, but I'm pretty sure the problem was malicious MP3's.

Knute: That always helps;)

thaddaeus
10-13-2004, 01:24 AM
I mean, how many bugs and exploits can it possibly have anyway, unless they keep introducing new ones!?!

What do you really think those virus companies are doing when there are no viruses...It's all about profit. And there's a reason it's easy to program with today's newer languages, it makes it easier to blame us crazy youngens

JThundley
10-13-2004, 02:09 AM
Listen to you guys! Are you insinuating that Microsoft coded the jpeg bug in the GTK+ and QT (http://www.computerworld.com/softwaretopics/os/linux/story/0,10801,95577,00.html) toolkits? I can't find a whole lot of links right now, but the point is that there were a few very similar vulnerabilities, viewing a malicious picture could wreak havoc.

Parcival
10-13-2004, 04:49 AM
Conspiracy? *yawn* Wherever people write code, mistakes are made and vulnerabilities open.

In the MS World with all that inside-the-box-thinking third party enterprises make cash out of Microsoft's flaws without being able to truly fix the issues themselves as Microsoft sits on its code like a dragon on his stash.
In the good open GNU world errors simply get fixed whenever they are being detected because people share a superior work philosophy, it's that simple.

hard candy
10-13-2004, 02:06 PM
I wanta know who the picture was of, was it a good looking celebrity? If I got a virus, I would at least want the picture to be worth downloading. I would hate to get a virus from a picture of some bushes or trees. Well, since jpeg may be under patent protection fairly soon, maybe we'll have a new format to worry about soon.

jrbishop79
10-13-2004, 05:02 PM
you'll have to forgive me for being ignorant and not having read the article, but a jpeg is data, not executable code. There was a virus hoax about this sometime ago, saying that a virus was embedded in a jpeg image. and correct me if I'm wrong, but image files don't get executed, which is how a virus works. A virus has always been executable code. Seems to me if you stuck a virus in an image file all you'd see was a blemish on the image....

bosox79
10-13-2004, 05:20 PM
Originally posted by hard candy
I wanta know who the picture was of, was it a good looking celebrity? If I got a virus, I would at least want the picture to be worth downloading. I would hate to get a virus from a picture of some bushes or trees. Well, since jpeg may be under patent protection fairly soon, maybe we'll have a new format to worry about soon.

I agree with you HC. If I am going to get a virus from a picture I hope that the picture is worth looking at :D

cybertron
10-13-2004, 05:21 PM
I'm not an expert on the topic by any means, but I believe that the way the security hole works is that a malformed JPEG could cause a buffer overflow that would write into areas of memory that are executable, and thus if what is written is some kind of virus code it could infect your computer. In fact, I'm not sure that it would even be visible in the image, depending on how it was displayed by the software. Again, I may be completely wrong about that (and I'm sure that someone will correct me if so), but that's always been my understanding of how these things work.

bwkaz
10-13-2004, 06:38 PM
Originally posted by cybertron
a malformed JPEG could cause a buffer overflow that would write into areas of memory that are executable, and thus if what is written is some kind of virus code it could infect your computer.

That's exactly what it is.

Buffer overflow bugs are always exploitable with data. Assuming this specific buffer overflow is the same as most of them (that is, there's a fixed-length array on the stack, and the function in question reads data in past the end of that array), the data that gets read after the end of the array will overwrite whatever's stored on the stack before or after the array itself. This will include things like other local variables, function parameters, the return address, and other sundry pieces of data.

If the exploit doesn't do a return-to-libc style attack (where it overwrites the return address to be the address of some function in glibc or similar), then it often writes its payload (the code that was embedded into the JPEG) into the stack itself, and then overwrites the return address with the starting address of its payload. That way, when the vulnerable function is finished, it returns to the start of the injected code, rather than the actual calling function.

I figured it was a hoax before for much the same reason as you, jrbishop79; I didn't think that there could possibly be any JPEG viewing software with a buffer overflow. Way to prove me wrong, GDI+. :mad: :D
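
Added example, not part of bwkaz's post and not any vendor's code: the bounds checks that keep a length-prefixed JPEG segment from being copied past the end of a fixed-size stack array, which is the failure the post above describes. The function names, status codes, the 8-byte buffer and the sample bytes are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Status codes; names are hypothetical, chosen for this example. */
enum { SEG_OK = 0, SEG_TRUNCATED = -1, SEG_BAD_LENGTH = -2, SEG_TOO_LARGE = -3 };

/* Copy one marker segment's payload into a fixed-size buffer, checking every
 * length first. Segment layout: 0xFF, marker byte, 2-byte big-endian length
 * that counts its own two bytes, then the payload. */
int copy_segment(const uint8_t *seg, size_t avail,
                 uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (avail < 4 || seg[0] != 0xFF)
        return SEG_TRUNCATED;
    size_t declared = ((size_t)seg[2] << 8) | seg[3];
    if (declared < 2)               /* declared - 2 would wrap to a huge size */
        return SEG_BAD_LENGTH;
    size_t payload = declared - 2;
    if (payload > avail - 4)        /* claims more bytes than the file holds */
        return SEG_TRUNCATED;
    if (payload > out_cap)          /* would run past the end of the array */
        return SEG_TOO_LARGE;
    memcpy(out, seg + 4, payload);
    *out_len = payload;
    return SEG_OK;
}

/* Constructed sample segments (COM marker 0xFE), not taken from any real file. */
static const uint8_t good_seg[]  = { 0xFF, 0xFE, 0x00, 0x04, 'h', 'i' };
static const uint8_t wrap_seg[]  = { 0xFF, 0xFE, 0x00, 0x01, 'A', 'A' };
static const uint8_t short_seg[] = { 0xFF, 0xFE, 0x00, 0x10, 'A', 'A' };
static const uint8_t big_seg[]   = { 0xFF, 0xFE, 0x00, 0x0C,
                                     'A','A','A','A','A','A','A','A','A','A' };

/* Run one sample through the checked copy with an 8-byte stack buffer. */
int try_segment(const uint8_t *seg, size_t avail)
{
    uint8_t comment[8];             /* the fixed-length array on the stack */
    size_t n = 0;
    return copy_segment(seg, avail, comment, sizeof comment, &n);
}

int main(void)
{
    return try_segment(good_seg, sizeof good_seg) == SEG_OK ? 0 : 1;
}
```

Dropping any one of the three length checks lets the matching sample reach `memcpy` with a size the 8-byte array cannot hold.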

JThundley
10-13-2004, 10:38 PM
FYI, there was no actual image, no picture. Just a jpeg file that won't render with the payload hidden in it.

Parcival: That's exactly right. When the bugs in gtk and qt were found, they were fixed immediately. Microsoft's were found about a month later and then patched. Windows users are in a worse situation since third party dll's may still be vulnerable.

ozdream
10-16-2004, 07:05 AM
Originally posted by infiniphunk
I'm glad I'm not the only conspiracy theorist on the block

:D

Mate, many IT anti virus "Professionals" introduce viruses into the "System" for job security and to keep the ongoing boogie man "FUD" of viruses going in general.

I should know I work for government IT security!

Parcival
10-16-2004, 08:13 AM
Why would they have to introduce viruses themselves when there are hundreds of sick minds programming them all over the world? Or do you suggest that these people are the ones who deliver the virus sourcecode script-kiddies compile and release?

infiniphunk
10-16-2004, 08:43 AM
Mate, many IT anti virus "Professionals" introduce viruses into the "System" for job security and to keep the ongoing boogie man "FUD" of viruses going in general.

That wouldn't surprise me at all. Up here in the north we have folks who feel it is appropriate to start forest-fires because then the Ontario ministry of natural resources gives them a summer job as fire-fighters!:D

As far as what the jpeg is a picture of, I read somewhere that it's a picture of English football star Dave Beckham-"in a compromising position"....sorry hard candy!