NEWS FROM THE LAB - Monday, September 27, 2004

JPEG exploits Posted by Mikko @ 21:33 GMT

According to a post on the Bugtraq mailing list, somebody has been trying to post JPG images with the exploit code in them to adult usenet newsgroups. Do note that these JPGs did not replicate, so this is not a virus - although the post in Bugtraq is misleadingly titled "GDI virus". Apparently they tried to use these JPGs to download trojans to vulnerable computers...but the download sites should be down by now.

Things are heating up. Unfortunately I have a nasty feeling we might sooner or later see a massmailer worm using a JPG image as the attachment.