Beware IE Users - Jpeg Virus in the Wild

Alexander Turcic · 09-28-2004, 09:02 AM

If you happen to still use Internet Explorer, you better read this information at Easynews and seriously consider switching over to Firebird.

Once this virus has overflowed GDI+, phoned home, connected to an ftp site and downloaded almost 2megs of stuff, it installs another trojan as a service on your Windows machine. Real evil.

The isolated virus file is also available there for download, so you can test if your latest virus killer can detect this one.

Alexander Turcic · 09-28-2004, 09:05 AM

I forgot to mention another part also written in the Easynews article:

The virus also installs radmin (radmin.com) running as 'r_server'. From the radmin.com site, "With Radmin you can work on a remote computer exactly as if you were right there at its keyboard."

My Kaspersky AV detected the virus after a signature update and identified it as Exploit.Win32.MS04-028.gen.

Zire · 09-28-2004, 03:55 PM

Don't use IE...I'm on Mozilla so hopefully I have nothing to worry about. Also at home I'm using a Mac so don't think anything will happen.

cbarnett · 09-28-2004, 08:28 PM

Nasty.... Glad I switched to Firefox too!

Craig.

Chaos · 09-29-2004, 03:47 AM

On my Mac I've viewed images that exploit the buffer overflow (which is where the virus stems from), and nothing happened at all (not that I expected it to). It's a Microsoft product only hole.

Don't have to worry about it with any form of Unix (MacOS X, Linux, *BSD, etc.), or with Firefox/Mozilla/etc. on Windows.

09-28-2004, 09:02 AM	#1
Alexander Turcic Fully Converged Posts: 18,171 Karma: 14021202 Join Date: Oct 2002 Location: Switzerland Device: Too many to count here.	Beware IE Users - Jpeg Virus in the Wild If you happen to still use Internet Explorer, you better read this information at Easynews and seriously consider switching over to Firebird. Once this virus has overflowed GDI+, phoned home, connected to an ftp site and downloaded almost 2megs of stuff, it installs another trojan as a service on your Windows machine. Real evil. The isolated virus file is also available there for download, so you can test if your latest virus killer can detect this one.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Scryer's Gulch: Magic in the Wild, Wild West - FREE	MeiLin	Self-Promotions by Authors and Publishers	4	07-23-2010 03:17 AM
Scan JPEG as notes	kinged	Sony Reader	6	05-27-2009 01:04 PM
Beware -- Trojan virus in 0.5.9	nathantw	Calibre	2	04-30-2009 04:31 PM
JPEG lockups	jakeluck	Sony Reader	0	11-25-2006 04:24 PM

09-28-2004, 09:05 AM	#2
Alexander Turcic Fully Converged Posts: 18,171 Karma: 14021202 Join Date: Oct 2002 Location: Switzerland Device: Too many to count here.	I forgot to mention another part also written in the Easynews article: The virus also installs radmin (radmin.com) running as 'r_server'. From the radmin.com site, "With Radmin you can work on a remote computer exactly as if you were right there at its keyboard." My Kaspersky AV detected the virus after a signature update and identified it as Exploit.Win32.MS04-028.gen.

09-28-2004, 03:55 PM	#3
Zire Fanatic Posts: 522 Karma: 14050 Join Date: May 2003 Location: Astoria, NY Device: Zire 71	Don't use IE...I'm on Mozilla so hopefully I have nothing to worry about. Also at home I'm using a Mac so don't think anything will happen.

09-28-2004, 08:28 PM	#4
cbarnett MR prodigal son Posts: 1,085 Karma: 1083739 Join Date: Mar 2003 Location: Australia Device: Kobo Aura H2O	Nasty.... Glad I switched to Firefox too! Craig.

09-29-2004, 03:47 AM	#5
Chaos Evangelist Posts: 418 Karma: 281 Join Date: Jul 2004 Location: Canada Device: Assorted older devices	On my Mac I've viewed images that exploit the buffer overflow (which is where the virus stems from), and nothing happened at all (not that I expected it to). It's a Microsoft product only hole. Don't have to worry about it with any form of Unix (MacOS X, Linux, *BSD, etc.), or with Firefox/Mozilla/etc. on Windows.

Advert

Advert