Software // Enterprise Applications
News
9/28/2004
04:14 PM
Connect Directly
RSS
E-Mail
50%
50%

Attackers Target Microsoft Jpeg Flaw

Some feel a more-sophisticated virus is nearing completion.

Attackers have posted a malicious Jpeg image file to Internet newsgroups that distribute pornography. The infected Jpeg file attempts to exploit a critical vulnerability Microsoft announced and issued a patch for on Sept. 14, in its MS04-028 security bulletin.

According to postings on the Internet security mailing list Bugtraq and Easynews Web portal, the infected Jpeg file was posted Monday. Users who download the file could allow attackers to take complete control of their systems.

Internet security information group Internet Storm Center issued an advisory saying the malicious file appears to have been developed using one of the many published "exploit kits" that are designed to make it easier to attack the MS04-028 vulnerability.

The center tested the attack-image file on unpatched Windows 2000 and XP SP1 systems running Internet Explorer. It said that while the malicious file managed only to crash Internet Explorer, better attacks are likely on the way. "We suspect that a working exploit is very close to widespread availability," wrote the center's Joshua Wright in the advisory.

Most popular antivirus apps can detect and protect against this attack, and Microsoft is urging users to update their systems with the patch included in its MS04-028 security bulletin.

See all the latest Microsoft security bulletins.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - July 22, 2014
Sophisticated attacks demand real-time risk management and continuous monitoring. Here's how federal agencies are meeting that challenge.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.