Slashdot | First JPEG Virus Posted To Usenet
http://it.slashdot.org/article.pl?sid=04/09/27/2319222&tid=172&tid=218 - Just a timely followup to my earlier post regarding this JPEG exploit. Look at a picture, and the exploit will:
Once this JPEG overflowed GDI+, it phoned home, connected to an FTP site and downloaded almost 2 megs of stuff. It installs a trojan that installs itself as a service. It also installs radmin (radmin.com) running as 'r_server'. From the radmin.com site, "With Radmin you can work on a remote computer exactly as if you were right there at its keyboard."
Unless you are running Linux, then don't worry about anything. Or a fully patched Windows system. Exploits like this, and more importantly, the programming and environment that allow them to exist, scare the bejesus out of me.
Microsoft Baseline Security Analyzer V1.2.1
http://www.microsoft.com/technet/security/tools/mbsahome.mspx#EDAA - More on security: if you have Windows, you should be running the Baseline Security Advisor every now and then. It is a good attempt to keep things in order. I'm not sure why this isn't better integrated with Windows Update though. It's like this is the REAL Windows Update.
GDI Vulnerabilities: An open letter to Microsoft
http://isc.sans.org/diary.php?date=2004-09-26 - So here's the thing. The JPG vulnerability is pretty widespread. Microsoft writes a Security Bulletin that directs you to a page that scans your system and reports that you may be vulnerable. It redirects you to Windows Update. Scan again - you may be vulnerable. If you want to really scan your system for vulnerable files, use the GDI Scanner provided by the ISC.