Caught Looking: JPEG Virus

Was just reading on Slashdot that the first real JPEG virus with a real payload was found in the wild, posted to USENET. It installs remote control software on your computer, allowing ne’er do wells to control it as if they were actually sitting at it.

This is a disturbing class of virus because you could be infected by viewing a picture on the Internet. Programs that use Microsoft’s GDI+ library (a piece of code for manipulating graphics) are at risk. Microsoft has a long list of patched applications and updates too. So patch immediately.

It’s also disturbing because this is a pretty common code library that a lot of newer applications use. Since it’s a code library, it’s shared among programs. So any program that displays graphics potentially is at risk, if they use the JPEG decoding function of the library.

As an experiment, I download SysInternal’s Process Explorer to see what programs seemed to be using GDI+. Windows Explorer for XP does, but nothing else appears to. But I’m not as familiar with Windows application architecture as I’d like, so this isn’t much to go on.

Your email program may also be at risk. I use TheBat!, which doesn’t display graphics by default, but you CAN view attachments. Since it’s German software, it’s probably all hand-coded and not suceptable.

Bah. This sucks.