Hackers target Microsoft's JPEG flaw.In a harbinger of security threats to come, hackers have exploited a newly announced flaw in Microsoft Corp. programs and begun circulating malicious code hidden in images that use the popular JPEG JPEG in full Joint Photographic Experts Group Standard computer file format for storing graphic images in a compressed form for general use. JPEG images are compressed using a mathematical algorithm. format. Software tools to create the malicious images began appearing last month, and this week security experts saw images employing them posted on adult-oriented Usenet newsgroups. To get the malicious code, a visitor must download the image and view it using Microsoft's Windows Explorer See Explorer. software, said Symantec. The computer then contacts a server to obtain code that would let an attacker take over the machine remotely. Comment: While the current exploit is limited future attempts to create malicious images would work on the more popular Outlook and Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. programs. The Internet Storm Center at the SANS Institute The SANS Institute (SysAdmin, Audit, Networking, and Security) is a trade name owned by the for-profit Escal Institute of Advanced Technologies. SANS provides computer security training, professional certification, and a research archive. said an image it found, disclosed on the BugTraq security mailing list An automated e-mail system on the Internet, which is maintained by subject matter. There are thousands of such lists that reach millions of individuals and businesses. New users generally subscribe by sending an e-mail with the word "subscribe" in it and subsequently receive all new , only caused computers to crash in tests, but "we suspect that a working exploit is very close to widespread availability." Computers with updated versions of anti-virus software anti-virus software n → Antivirensoftware f should be protected, according to SANS center. Microsoft also has a software patch to fix the flaw and said users who have the Service Pack 2 security update for Windows XP are not affected. Microsoft disclosed the flaw in question on Sept. 14. It affects people running Windows XP, Windows Server 2003 and later versions of Office. People who have earlier versions of Windows or Office may also be affected if they are running some specialized applications, such as Digital Image Pro and Visio 2002. The flaw is in a technology that is used to render JPEG images. www.msnbc.msn.com/ |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion