[PLUG] First JPEG virus is out there
Paul Heinlein
heinlein at madboa.com
Tue Sep 28 10:03:01 PDT 2004
On Tue, 28 Sep 2004, Rich Shepard wrote:
>> Yes, they're on websites. All over the place on websites.
>> Anything meant to look 'real' will be a JPEG, generally speaking.
>
> Oh. So, by loading that page we're sucking a copy of the virus into
> our system's cells? I suppose someone will have a linux-interferon
> soon available.
Image files are parsed and "executed" by various rendering libraries.
If those libraries don't do proper bounds checking, regardless of
whether the host OS is Windows or Linux, a buffer overflow could
occur.
The fact that the current exploits target x86 Windows systems doesn't
mean that a similar exploit couldn't be released that targets Our
Favorite OS. Recently, libraries within libxpm4, ImageMagick, gtk2,
gdk-pixbuf, and Mozilla have all been found vulnerable to certain
buffer-overflow exploits.
--Paul Heinlein <heinlein at madboa.com>
More information about the PLUG
mailing list