Datamation Logo

Large-Scale IM Virus Attack Feared

Home Security
Ryan Naraine
By Ryan Naraine
September 29, 2004
Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Security researchers are seeing the first signs of a large-scale
virus attack taking advantage of a known flaw in the way JPEG images are
processed in Microsoft Windows products.

Just days after warning
that proof-of-concept exploits were circulating, the SANS Internet Storm
Center (ISC) said it had received reports that a “GDIplus.dll” exploit
embedded on porn images was making the rounds on adult newsgroups.

Microsoft has already released a patch to fix the way GDI libraries
handle JPEG processing, and it released a scanning tool
to help detect the presence of products that
contain the GDI+ component and determine whether a security fix should
be applied.

In addition to adult images on Usenet, the ISC said it was
investigating reports that the profile feature in America Online’s AIM
instant messaging product was being used to entice users to view
malicious JPEG files.

The basic method is to attach GDI exploits to profiles on AIM. The
attacker then sends messages to get the user to go look at the user
profile that has a .JPEG with the GDIplus.dll exploit in it,” the Center
said in an advisory.

The exploit only uses the AIM user profile feature to propagate
itself and does not target any vulnerabilities in the AIM software.

Anti-virus firm Symantec has released advisories
for two Trojan Horse programs exploiting the GDI+ library flaw described
in Microsoft’s MS04-028
advisory.

Symantec has updated its virus definitions to protect from
Trojan Moo,
which has been programmed to download an .EXE file from a Web
site. Symantec rates the Trojan Moo threat as “low.”

The company also warned that a backdoor Trojan exploiting the same
flaw was making the rounds. Symantec said the Trojan is capable of
connecting to a predefined IP address to start a command shell on an
infected system. A command shell allows an attacker to download and
execute harmful code from a predefined domain.

Removal instructions for the backdoor can be found
here.

  SEE ALL
ARTICLES  
Previous Article
The Right Way to Outsource Control Planning
Next Article
Why Can’t We All Just Get Along?

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

AI

AI in Cybersecurity: The Comprehensive Guide to Modern Security

AI in Cybersecurity: The Comprehensive Guide to Modern Security
Security

What Is Cybersecurity? Definitions, Practices, Threats

What Is Cybersecurity? Definitions, Practices, Threats
Security

How to Secure a Network: 9 Key Actions to Secure Your Data

How to Secure a Network: 9 Key Actions to Secure Your Data
Datamation Logo

Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.

Advertisers

Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.

Advertise with Us

Our Brands

Technologyadvice ServerWatch TechRepublic Enterprise Networking Planet eWeek Project Management eSecurity Planet IT Business Edge
Privacy Policy Terms & Conditions About Contact Advertise California - Do Not Sell My Information

Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.