Ingrid Marson
ZDNet UK
August 04, 2005, 17:50 BST
A virus writer has got close to exploiting a critical flaw in the way Microsoft Windows handles JPEGs.
Costin Raiu, the head of research and development for Kaspersky Labs Romania, said on Tuesday that over the weekend a virus writer tried to spread a Trojan by exploiting a known image-handling flaw. This flaw was patched by Microsoft last year, but it is likely that some users are still vulnerable, particularly as the flaw affected a number of Microsoft's products.
As with all previous attempts at exploiting this particular flaw, the malicious code was not successful, but Raiu was concerned that next time a virus writer may succeed. "This time at least, the JPEG file wasn't infectious. However, fixing the mistake would be relatively easy and we wouldn't be surprised to see a second wave, this time with a working exploit," said Raiu in a blog posting.
David Emm, a senior technology consultant at Kaspersky Lab, told ZDNet UK on Thursday that this incident "takes us as close as we've been to a successful exploit".
He was uncertain how soon a working exploit will appear, but it is likely to depend on whether virus writers see such a flaw as a good way of opening a back door to PCs to obtain data.
The writer of the failed exploit is unlikely to have tested the exploit before sending it out, according to Emm. "Malware writers are probably writing the virus on their one and only machine and the last thing they want to do is screw it up," he said.
In the past, many in the industry assumed that image files, such as JPEGs, were harmless and that only executable files could carry viruses. This misconception was disproved by the discovery of this particular JPEG vulnerability.
As many people still assume that images are safe, JPEG viruses could have a considerable impact, according to Emm.
LINK
Topic: JPEG-based virus attack gets closer (Read 635 times)