Inter Engineering

Home

About Us

Products

Support

Downloads

Resellers

Links

Latest News

Latest Threats

Trainings

Mailing Lists

Latest Threats

New kind of attack through JPG imagesRenders numerous computers vulnerable and introduces new AntiVirus era

Inter Engineering warns about a recently discovered vulnerability in the Microsoft JPEG decoder which has been exploited by hackers to create a new type of attack. It is possible to create JPEG images that, when opened, can invoke the execution of an arbitrary program on the internet.

This means that an attacker can take complete control over the victim’s machine, including the ability to install programs and viewing, changing or deleting data.

Microsoft’s description of the attack, as well as patches are available on

http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

Josmaarten Swinkels of Inter Engineering comments:
“The important fact of this incident is not that yet another vulnerability in Microsoft software has been found. It is the fact that a filetype which until now was considered to be impossible to exploit for malicious activities, has now become a threat. Computer users from now on will have to be very careful even when opening a simple photograph! The incident also has a severe impact on the protection mechanisms. Anti Virus software from now on also must scan files in several graphics formats like JPG. That means two things: First many, many more files will have to be scanned making the anti virus much more heavy slowing computers down and secondly it most likely that very often the anti virus software will falsely report a graphics file as infected. We are afraid that we are once more entering a new era with new challenges”.

Inter Engineering strongly advises users to apply all Microsoft security patches and to use both Anti Virus and Firewalls which are very frequently updated. Users are also advised to stay informed about the security developments.

F-Secure Anti-Virus detects the MS04-028 exploit since the 20th of September.

IMPORTANT: F-Secure Anti-Virus does not scan JPG and other image files with the default settings. In order to scan a computer for files with JPG vulnerability exploit, it is necessary to add the following image extensions to the list of scanned extensions:

JPG JPEG BMP GIF TGA TIF TIFF PCX PNG

About Inter Engineering

Inter Engineering is one of the few companies specialized in Data Security. Since 1992 the company is active in the protection against computer viruses and has since then extended its activities with strong cryptography, access control, copy protection, biometrics and data recovery. The Company cooperates closely with leading providers globally and contributes actively to research and development. Also close relationships with scientific organizations are maintained. Thus Inter Engineering is able to provide consultancy and solutions for almost any Data Security issue.

To contact us: Inter Engineering
P.O. Box 1626
410 02 Larissa, Greece
Tel. +30.2410.670030
Fax. +30.2410.670006
Email: sales@inter.gr