Get the ECT News Network Editor's Pick Newsletter » View Sample | Subscribe
Welcome Guest | Sign In
Digital River - Talk to the Experts

Will JpegOfDeath Help Slay Microsoft?

By Jon Newton
Sep 29, 2004 6:00 AM PT

You knew it was coming, and now it's here -- the latest evil spurred by the latest Microsoft security hole.

Will JpegOfDeath Help Slay Microsoft?

It's called the JpegOfDeath, but JPEG isn't all it threatens.

"[F]or the people out there who think you can only be affected through viewing or downloading a JPEG attachment... you're dead wrong," says K-OTIC's John Bissell, also know as HighT1mes. "All the attacker has to do is simply change image extension from .jpg to .bmp or .tif or whatever and stupid Windows will still treat the file as a JPEG."

On September 15 Microsoft issued a red alert warning of a "critical" security flaw in its JPEG processing technology that centers on software supporting the JPEG format, including some versions of Microsoft Windows, Microsoft Office and Microsoft developer tools. After that, it was only a question of time.

The Exploit

According to F-Secure, on September 17 a "proof-of-concept exploit which executes code on the victim's computer when opening a JPG file has been posted to a public website." That exploit was crashing only Internet Explorer.

"On September 24th there appeared a constructor that could produce JPEG files with the MS04-028 exploit," F-Secure continued. "This time the exploit executed a code that could download and run a file from Internet. However, the JPEG file with the exploit has to be previewed locally for the exploit to get activated; viewing a JPEG file from a remote host does not activate the exploit.

"We are expecting that more exploit techniques will be created by hacker groups. And there is a chance that someone will create a universal exploit that would work when viewing an image locally and on a remote host."

K-OTIC describes this as a Windows JPEG GDI+ Heap Overflow Remote Exploit (MS04-028) and says it was released on September 23.

According to Bissell, the exploit is "based on [the] FoToZ exploit but kicks the exploit up a notch by making it have reverse connectback as well as bind features that will work with all NT based OS's. WinNT, WinXP, Win2K, Win2003, etc."

No Clicking Required

Nor, it seems, do victims have to click a link to be nailed.

"For instance," says Bissell, "you send them the image... and then they can't see it in Outlook Express, so there like man this image has a cool name so I'll try to open the attachment, then...."

Given the nature of its host, JpegOfDeath.c v0.5 could be one of -- if not the -- worst virus yet.

In the meanwhile, "Savvy Web Surfers Catch New Wave of Browsers," says the headline in a Reuters story on the fact that Microsoft's Internet Explorer has some "some slick new challengers."

But it's nothing to do with "savvy surfers" or a "new wave of browsers" or "slick" or "new." Bill and the Boyz have been treating their customers with contempt for far too long and now they're paying for it.

Bill's Angry Customers

Increasing numbers of deeply brassed off Internet Explorer users who've had a gut-full of non-stop security threats and breaches are looking around.

A patch has been issued for the JPEG hole. But so what? No one believes every single IE user is going to apply it. Far from it, in fact. And this means the door is wide open for all those hackers who live for just such opportunities as this.

So now disenchanted IE users are checking out new horizons and finding the views excellent. As a direct result, IE now has serious competition from the likes of Opera, which is very far from being new, and Mozilla Firefox, which is now bopping along nicely, thank you very much.

It's win-win for everyone. Except Microsoft.

But then, the Gates Green Machine is having the problems it's having because, like the entertainment industry, it made the terminal error of looking the gift horse in the mouth.

Here's a patch to the JPEG hole.

Jon Newton, a TechNewsWorld columnist, founded and runs, a daily peer-to-peer and digital media news site focused on issues surrounding file-sharing, the entertainment industry and distributed computing. p2pnet is based in Canada where sharing music online is legal.

Contact Center AI Explained by Pop Culture
If my employer requires me to return to the company's office full-time to perform my job, I will...
Agree, because I like my job regardless of where I perform my duties.
Comply, because I can't afford to lose my current job.
Go with the flow, but start looking for different employment.
Resign immediately, so I can dedicate all of my time to find a job that better suits my needs.
Try to negotiate a hybrid work from home / work in office arrangement with my employer.
Waylay IO
Contact Center AI Explained by Pop Culture
Digital River - Talk to the Experts