Hacker Tools Mean JPEG Worm Coming Soon

Jack Writes: A tool that makes it easy to craft malicious JPEG images then let them loose against vulnerable Windows PCs has appeared, security experts said Friday, leading many to believe an MSBlast-style attack may not be far in the future.

Dubbed JPGDown.a or JPGDownloader, the tool lets hackers designate a download Web site, and then builds a malformed JPEG image file that can be distributed to attack Windows machines open to the now-patched vulnerability Microsoft announced last week. When the victim views the image file -- sent as an attachment, say, to an e-mail message -- a download's begun from the site the hacker specified. Any code can be downloaded from the remote site to the compromised PC.

"This is a simple tool that makes it trivial for even unskilled attackers to author hostile JPEG files," said Ken Dunham, director of malicious code research for security intelligence firm iDefense, in an e-mail to TechWeb.

Dunham added that the tool, "significantly increases the likelihood of widespread JPEG attacks." Panda Software, meanwhile, said that the tool was a solid clue that a worm exploiting the vulnerability was "imminent."

"Given the nature of the problem, Trojans are a great threat, especially as they can go unnoticed by users but are frequently used by cyber crooks for online fraud," said Luis Corrons, the head of PandaLabs, in a statement.

One of the uses of the JPGDown.a tool would be to compromise a PC, then download a Trojan horse or other backdoor component from a remote Web site.

Dunham used the analogy of MSBlast. "The threat scene [now] is similar to that of Blast in 2003. Within a few days [last year] exploit code surfaced, and then improved exploit code, followed by a Trojan tool, Trojans, and worms.

"It's likely that Trojans and possibly worms will soon emerge in the wild now that such a tool and exploit code exists in the virus writing underground," he added.

With a worm and full-scale attack looming, users should patch vulnerable systems immediately. Windows and numerous applications are vulnerable, according to the security bulletin Microsoft released last Tuesday.

Source: http://www.internetweek.com/allStories/showArticle.jhtml?articleID=47902912