[PLUG] First JPEG virus is out there

Paul Heinlein heinlein at madboa.com
Tue Sep 28 10:03:01 PDT 2004


On Tue, 28 Sep 2004, Rich Shepard wrote:

>>  Yes, they're on websites.  All over the place on websites. 
>>  Anything meant to look 'real' will be a JPEG, generally speaking.
>
>  Oh. So, by loading that page we're sucking a copy of the virus into 
> our system's cells? I suppose someone will have a linux-interferon 
> soon available.

Image files are parsed and "executed" by various rendering libraries. 
If those libraries don't do proper bounds checking, regardless of 
whether the host OS is Windows or Linux, a buffer overflow could 
occur.

The fact that the current exploits target x86 Windows systems doesn't 
mean that a similar exploit couldn't be released that targets Our 
Favorite OS. Recently, libraries within libxpm4, ImageMagick, gtk2, 
gdk-pixbuf, and Mozilla have all been found vulnerable to certain 
buffer-overflow exploits.

--Paul Heinlein <heinlein at madboa.com>




More information about the PLUG mailing list