Buell Motorcycle Forum: Heads Up... virus that can propagate with jpegs out.

Reepicheep
Posted on Tuesday, September 28, 2004 - 08:12 am:

Here is a site with good information:

http://www.easynews.com/virus.html

Basically, there is a virus out that can infect your system just by viewing a jpeg.

From the page above, they indicate you can check to see if you have been infected by this virus. Look for a directory named

c:\windows\system32\system\

that has nvsvc.exe and winrun.exe in it.

This is probably just one of many viruses that will attack this issue. Microsoft has patches out to fix some vulnerable DLLs, but other vendors everywhere have vulnerabilities included as a result of Microsoft's original software development platform, so it can be a real bear to know if you are patched or not.

More news as I get it...
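The check described in the post above, as an added PowerShell example that is not part of the original thread: it looks for the `system32\system` directory and the two file names the post lists, and records size, timestamps and a SHA-256 hash of anything it finds. The function name `Test-JpegDropperIndicator` and the `-WindowsDir` parameter are assumptions made for this example.

```powershell
# Added example (not from the thread); function and parameter names are hypothetical.
# Indicator from the post: <windows>\system32\system\ holding nvsvc.exe and winrun.exe.
function Test-JpegDropperIndicator {
    [CmdletBinding()]
    param(
        # Windows directory to inspect; point it at a mounted disk image for offline triage.
        [string]$WindowsDir = $env:SystemRoot
    )

    $dir   = Join-Path (Join-Path $WindowsDir 'system32') 'system'
    $names = 'nvsvc.exe', 'winrun.exe'   # file names taken from the post

    foreach ($name in $names) {
        $path = Join-Path $dir $name
        # -Force so files carrying hidden or system attributes are still found.
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue

        $hash = $null
        if ($item) {
            # Hashing fails on a locked file; the hit is still reported without a hash.
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        }

        [pscustomobject]@{
            Path        = $path
            Present     = [bool]$item
            Length      = if ($item) { $item.Length } else { $null }
            CreatedUtc  = if ($item) { $item.CreationTimeUtc } else { $null }
            ModifiedUtc = if ($item) { $item.LastWriteTimeUtc } else { $null }
            Sha256      = $hash
        }
    }
}

$found = @(Test-JpegDropperIndicator | Where-Object Present)
if ($found.Count -gt 0) {
    $found | Format-List
    Write-Warning 'Indicator files present: isolate the host and preserve these files for analysis.'
} else {
    # The post expects further variants, so a clean result only covers this one.
    Write-Output 'Neither indicator file found; this does not rule out other variants.'
}
```

On 64-bit Windows, run it from a 64-bit PowerShell host, because 32-bit processes have `system32` redirected to `SysWOW64`.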

Xb9er
Posted on Tuesday, September 28, 2004 - 09:01 am:

Graphics image virus scares/hoaxes have come out periodically over the years. Before you get everyone in a panic, have you made absolutely sure this is for real?
Mike.

Henrik
Posted on Tuesday, September 28, 2004 - 09:17 am:

Reep knows of what he speaks. Keep your guard up.

Henrik

Chainsaw
Posted on Tuesday, September 28, 2004 - 09:27 am:

*cough*buyamacintosh*cough*

: )

Darthane
Posted on Tuesday, September 28, 2004 - 09:28 am:

Ahh...to be free of Microsoft.

Henrik
Posted on Tuesday, September 28, 2004 - 09:34 am:

Mac forever - Life's too short for Windoze : D

Henrik

Reepicheep
Posted on Tuesday, September 28, 2004 - 09:43 am:

XB9r, you are absolutely right, it has been a theoretical threat since at least 1991 (first time I heard of it). Lots of false alarms as well. It has been kind of the holy grail for malware authors for a decade, but never realized.

Much to my dismay, it is now absolutely true. And worse than that, it's not "just an explorer bug that needs a patch", but a flaw with a Microsoft supplied development DLL that is redistributed with a boatload of products, and co-exists in parallel in a bunch of places on your machine.

Microsoft patches fix the ones they own (Microsoft products), but they can't patch what they don't know about, and a boatload of programs use this library.

Here is an authoritative source:

http://isc.sans.org/

They don't get any more authoritative than that...

Install the Microsoft patches, and make sure your antivirus definitions are up to date (daily at a minimum until this blows over). Don't open suspicious jpegs you get in the mail.
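An inventory for the situation described in the post above, as an added PowerShell example that is not part of the original thread: it finds every copy of a named DLL under the given directory trees and groups the copies by file version and hash, so duplicates that an operating system patch did not replace stand out. The thread does not name the library, so `-Name` has to be supplied from the vendor bulletin; the function name `Get-DllCopyInventory` and its parameters are assumptions made for this example.

```powershell
# Added example (not from the thread); function and parameter names are hypothetical.
function Get-DllCopyInventory {
    [CmdletBinding()]
    param(
        # File name of the redistributed library, taken from the vendor bulletin.
        [Parameter(Mandatory)][string]$Name,
        # Trees to search; applications often ship a private copy beside their own executable.
        [string[]]$Root = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)})
    )

    $Root | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | ForEach-Object {
        # -Force includes hidden directories; folders that deny access are skipped.
        Get-ChildItem -LiteralPath $_ -Filter $Name -File -Recurse -Force -ErrorAction SilentlyContinue
    } | ForEach-Object {
        [pscustomobject]@{
            FileVersion = $_.VersionInfo.FileVersion
            Sha256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            ModifiedUtc = $_.LastWriteTimeUtc
            Path        = $_.FullName
        }
    }
}

# Placeholder name: replace it with the file name given in the vendor bulletin.
$copies = Get-DllCopyInventory -Name '<library-name-from-bulletin>.dll'

# Each group is one distinct build of the library; compare its version with the
# fixed version stated in the bulletin to decide which paths still need updating.
$copies | Group-Object FileVersion, Sha256 | Sort-Object Count -Descending | ForEach-Object {
    '{0} copies, file version {1}' -f $_.Count, $_.Group[0].FileVersion
    $_.Group.Path | ForEach-Object { "    $_" }
}
```

Copies that live inside an application's own folder are normally updated by that application's vendor rather than by the operating system patch, which is why the listing is grouped per build and shows every path.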

Phillyblast
Posted on Tuesday, September 28, 2004 - 10:01 am:

We block all attachments at work, including jpegs. People always complain, saying "but they're just jpegs". Now they know why.
oh, and (cough)buy a mac(cough)

Glitch
Posted on Tuesday, September 28, 2004 - 10:12 am:

Windows is the bane of my existence : (

At home I'm free, as in free speech, not free as in free beer...

Jlnance
Posted on Tuesday, September 28, 2004 - 10:45 am:

Oh what a great excuse for a plug.

You might want to check out the Firefox browser, which you can download for free from www.mozilla.org. I would be most pleased if you like it, as I helped write it. I suspect it not to be vulnerable to this virus, though I cannot be absolutely certain of that as I do not run Windows.

Jim

PS: Glitch 0.12 was my first kernel

Glitch
Posted on Tuesday, September 28, 2004 - 10:47 am:

And FireFox RuleZ!

Maverick9s
Posted on Tuesday, September 28, 2004 - 11:01 am:

Question.
Can anyone tell me why they sell virus protection software for Macs?

Midknyte
Posted on Tuesday, September 28, 2004 - 11:04 am:

As I understand it though, you must already be infected with another component and the corrupted jpeg acts as a trigger.

Or has this one advanced past this to carry the full payload in the image?

Henrik
Posted on Tuesday, September 28, 2004 - 11:06 am:

Can anyone tell me why they sell virus protection software for Macs

Because bad things happen, even to good people ; )

Henrik

Bigdaddy
Posted on Tuesday, September 28, 2004 - 11:07 am:

Hey Jim -- great product. It's widely used in your neighborhood too :-) Firefox has become a 'MUST' in some security circles -- especially RTP, Creekstone, Miami Blvd.

If you want a real OS, for nearly all HW platforms, FreeBSD will set you free.

Stealthxb
Posted on Tuesday, September 28, 2004 - 11:37 am:

Jlnance...
FireFox Rocks!!!


Reepicheep
Posted on Tuesday, September 28, 2004 - 11:40 am:

Ditto, firefox has been my daily driver for a long time now. Excellent work!

Maverick... antivirus for Macs is important because there is a chance that someday there may actually be enough Mac users to actually bother to write a virus to infect ; )

*ducking*...

Midnyte... this is a new one. The whole payload is in the image... it executes, and as a result will go to an FTP site and then download the rest of the rootkit. I don't think the one spotted this morning will go out on your system and infect other jpegs, but it's pretty early to tell, and more variations will be forthcoming.

Mbsween
Posted on Tuesday, September 28, 2004 - 12:53 pm:

Glitch
ever take a look at Gentoo? Ultimate control over your OS.....

http://www.gentoo.org

Although any Linux is better than windoze

Glitch
Posted on Tuesday, September 28, 2004 - 01:02 pm:

ever take a look at Gentoo?
Just now. Thanks for the link.

Virus writers, all that energy going in the wrong direction.

Josh_
Posted on Tuesday, September 28, 2004 - 01:11 pm:

Security Alert, September 28, 2004

Multiple Vulnerabilities in Mozilla-based Web Browsers
Multiple vulnerabilities have been discovered in Mozilla, Mozilla Firefox, and Mozilla Thunderbird, the most severe of which could compromise a system. The vulnerabilities (discovered by Georgi Guninski, Wladimir Palant, Gael Delalleau, Mats Palmgren, Jesse Ruderman, Daniel Koukola, Andrew Schultz, and Harald Milz) include a long list of problems--too many to list in this security alert! The Mozilla organization recommends that affected users immediately upgrade to the latest release of software.

99buellx1
Posted on Tuesday, September 28, 2004 - 02:12 pm:

Josh_

Got a link for that excerpt?


Craig

Josh_
Posted on Tuesday, September 28, 2004 - 02:37 pm:

Don't know if it works for non-subscribers but:

http://www.windowsitpro.com/article/articleid/43991/43991.html

Kevyn
Posted on Tuesday, September 28, 2004 - 03:53 pm:

I was tagged by a virus that disabled my IE but thanks to Mozilla FireFox I'm still chuggin' along...and I think the virus was a jpeg infection...caught by Norton but not before the port damage was achieved.

P.S. I'm not IT educated and just barely know what I'm talking about.

Reepicheep
Posted on Tuesday, September 28, 2004 - 04:02 pm:

The jpeg exploit just started hitting this morning. I doubt that's what popped your box, there is no shortage of other vulnerabilities on the Windows platform... : (