Jack Writes: A tool that makes it easy to craft malicious JPEG images then let them loose against vulnerable Windows PCs has appeared, security experts said Friday, leading many to believe an MSBlast-style attack may not be far in the future.
Dubbed JPGDown.a or JPGDownloader, the tool lets hackers designate a download Web site, and then builds a malformed JPEG image file that can be distributed to attack Windows machines open to the now-patched vulnerability Microsoft announced last week. When the victim views the image file -- sent as an attachment, say, to an e-mail message -- a download begins from the site the hacker specified. Any code can be downloaded from the remote site to the compromised PC.
"This is a simple tool that makes it trivial for even unskilled attackers to author hostile JPEG files," said Ken Dunham, director of malicious code research for security intelligence firm iDefense, in an e-mail to TechWeb.
Dunham added that the tool "significantly increases the likelihood of widespread JPEG attacks." Panda Software, meanwhile, said that the tool was a solid clue that a worm exploiting the vulnerability was "imminent."
"Given the nature of the problem, Trojans are a great threat, especially as they can go unnoticed by users but are frequently used by cyber crooks for online fraud," said Luis Corrons, the head of PandaLabs, in a statement.
One of the uses of the JPGDown.a tool would be to compromise a PC, then download a Trojan horse or other backdoor component from a remote Web site.
Dunham used the analogy of MSBlast. "The threat scene [now] is similar to that of Blast in 2003. Within a few days [last year] exploit code surfaced, and then improved exploit code, followed by a Trojan tool, Trojans, and worms.
"It's likely that Trojans and possibly worms will soon emerge in the wild now that such a tool and exploit code exists in the virus writing underground," he added.
With a worm and full-scale attack looming, users should patch vulnerable systems immediately. Windows and numerous applications are vulnerable, according to the security bulletin Microsoft released last Tuesday.