JPEG Exploit Virus appears to be out and about


24 replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,503 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:18 AM

Posted 27 September 2004 - 11:48 PM

It looks like a virus using the GDI+ JPEG exploit has been developed and is in the wild. More information can be found here about what is happening:

http://www.easynews.com/virus.txt

Be sure to do your Windows updates and read this tutorial:

GDI Scan Tutorial and how to fix the GDI+ JPEG Vulnerability



#2 georgia

georgia

  • Members
  • 567 posts
  • OFFLINE
  •  
  • Local time:10:18 AM

Posted 28 September 2004 - 10:43 AM

Your information on this issue is excellent. I hope that I am not posting in the wrong place. I fixed 1 issue yesterday and have a big one to do today, as I, being a newbie, didn't know that Microsoft Works Suite 2003 would have updates.
And Microsoft Works is showing as a vulnerability after a SANS scan.
C:\Program Files\Microsoft Works\gdiplus.dll

I have reviewed the tutorial and went to the novice one as well, as I tried an experiment with one update and did not know what to do.

I have 2 questions. One is, when it asks me where to save it, should I indicate "C" drive? And second, it asks for a path to be assigned to the update.
Do all update paths for Microsoft Office that I need to do have the path


C:\Program Files\Microsoft Works\gdiplu.dll

I don't even understand the word path and don't want to make a mistake with my updated downloads, which I have to do before I can put on the patch.

I should also say that I am on dialup and the updates will take 180 minutes. What happens if I get dropped during this time, as it does happen where I get disconnected on shorter downloads. Does information get lost?

I hope that you don't think I am totally out to lunch. I would appreciate your advice, thank you :thumbsup:
Talent is a flame. Genius is a fire.

#3 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,503 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:18 AM

Posted 28 September 2004 - 10:49 AM

Generally, for Office you want to go to officeupdate.com and run the updates through there. It will install all the updates for you automatically. I am not sure if it covers Microsoft Works but you should give it a try.

If you can't do that, then you can download the update to your C: drive, and then run it. It should automatically find your installation of Works and update it.

Then run GDI scan again and see if it finds the same exploitable dll.

#4 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:10:18 AM

Posted 28 September 2004 - 11:06 AM

Not sure what updates you are looking at, but that seems a very big update for MS Works. What you CAN do is break up a series of updates and download them one at a time.
Cheers,
John
Whereof one cannot speak, thereof one should be silent.

#5 georgia

georgia

  • Members
  • 567 posts
  • OFFLINE
  •  
  • Local time:10:18 AM

Posted 28 September 2004 - 11:11 AM

Thanx for the quick response, you are a gem. This problem is really bothering me, especially as a newbie. I made sure my restore point was created lest I gum things up.
But I still have one question before I give it a try, and that is what if I get dropped off my dial-up during the download, which happens. Or is there a download program that is good at seeing that this does not happen that you can suggest the name of? And that is user friendly.
I am sorry for all the questions here but I lead the life of a growing mushroom when it comes to computers!!!!!!!! :thumbsup:
Talent is a flame. Genius is a fire.

#6 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,503 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:18 AM

Posted 28 September 2004 - 11:19 AM

Well if you are doing it through office update, it will not install the update until it is completely downloaded. And I believe it has a resume function in case of loss of connection.

For downloading of the files first through the web browser, it will not install as well until it is fully downloaded and you run it. So don't worry about that. I am not sure of any good programs though that perform autoresume.

#7 luci2a

luci2a

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:London UK
  • Local time:11:18 AM

Posted 28 September 2004 - 03:11 PM

Hi Grinler
First of all, thanks for the excellent tutorial - what a rapid response to my request! (Or were you planning it anyway?) :trumpet:
I have a similar problem to Georgia. The office update site in my case suggested I needed Service pack 3 for my Office XP products. This is a 180 min d/load, and I have tried it twice today, but the connection dropped twice, and there is no resume function, so it was back to start on both occasions, and I still haven't done it.

On the rare occasions that I d/load stuff in IE I use download express from meta products, which has a resume function, but I can't invoke it for MS updates. http://www.metaproducts.com/mp/default.asp
I don't fancy spending three hours watching the d/load in case the connection drops. :flowers:

If anyone has any solutions to all this I guess we'd all be very grateful.

Another suggestion Grinler - how about a section of the board for interpretation of the GDI+ scan results, along the lines of HJT assistance! No, I know you have enough to do already, and it is appreciated, believe me! :thumbsup:

Luci2a

Edited by luci2a, 28 September 2004 - 04:08 PM.


#8 Grinler

Grinler

    Lawrence Abrams

  • Topic Starter

  • Admin
  • 43,503 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:11:18 AM

Posted 28 September 2004 - 03:12 PM

You all can post your GDI results in the general security forums for people to look at... that would be fine.

You may also be able to get these updates via CD from Microsoft.

#9 luci2a

luci2a

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:London UK
  • Local time:11:18 AM

Posted 28 September 2004 - 03:30 PM

Thanks Grinler.
I'll look into the CD suggestion - haven't seen it advertised anywhere, but who knows...
It's a mess isn't it - I can't understand any of it. :thumbsup:

Luci2a.

#10 luci2a

luci2a

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:London UK
  • Local time:11:18 AM

Posted 28 September 2004 - 03:57 PM

Just been back to the update site, and did a search for "Office XP SP3 + cd" and got this! http://support.microsoft.com/default.aspx?...kb;en-us;832671

No CD though :thumbsup:

#11 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:10:18 AM

Posted 28 September 2004 - 04:12 PM

ZDNet reports that the first actual instances of the use of the JPEG vulnerability have been found on Usenet newsgroups. More information is here:


http://news.zdnet.com/2100-1009_22-5385995.html

Regards,
John

Are we talking about MS Office (e.g. WORD) or MS WORKS?
Cheers,
John

Edited by jgweed, 28 September 2004 - 04:16 PM.

Whereof one cannot speak, thereof one should be silent.

#12 luci2a

luci2a

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:London UK
  • Local time:11:18 AM

Posted 29 September 2004 - 04:19 AM

Hi John

In my case it is Office XP, which contains Word etc, all in the 2002 version. I think Georgia was referring to Works.

I am extremely confused by all this. I have XPPro SP2, and the GDI tool did not appear automatically in my critical updates - I went to the update site to browse optional updates, and found the tool listed as "high priority".
To add to my confusion, it says in several places that SP2 users are not at risk.
I was directed to look for Office updates, and find that Service Pack 3 is described as a critical update. I never knew it was necessary to search actively for critical updates for Office products - I thought anything critical would show up automatically, or have I been wrong all this time?

I had one non-essential non-MS program which showed up on the GDI+ scan - a link to Fuji for printing my digital pics, and I have removed this as I don't use it anyway.

I don't know enough about anything to know what the vulnerabilities shown in the scan refer to. I'll take Grinler's advice and post the results of a scan after d/loading the SP3, if I ever manage to do it!

Yours, more and more muddled

Luci2a

:thumbsup:

#13 harrywaldron

harrywaldron

    Security Reporter


  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:11:18 AM

Posted 29 September 2004 - 05:49 AM

Hi - You can order the CD, and it looks to be even free (as I went through the form), but there's the possibility of a good week or so wait. If you know someone who has high speed Internet or if an admin can burn a CD at work for you, that can help. I'm on dialup at home and I also had to burn my own copy.

Still, everyone should get patched up on Windows immediately with Windows Update and you can get Office XP protected later, as most likely the 1st threats will be thru email and hostile web sites. AV protection can help you on Office until you can get that patched.


Office 2003 SP1
http://www.microsoft.com/office/ork/updates/2003/o2k3cd.htm

Office XP SP3
http://www.microsoft.com/office/ork/updates/xp/Oxpsp3cd.htm

#14 luci2a

luci2a

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:London UK
  • Local time:11:18 AM

Posted 29 September 2004 - 05:57 AM

Hi Harry

The link for ordering the CD seems to be for US users only, but I'll keep searching.

thanks

Luci2a

#15 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:11:18 AM

Posted 29 September 2004 - 06:41 AM

Harry,
Thanks for the link to order the CD. I too am on dialup and detest the wasted time.

The CD is free of all costs. I just ordered a copy this a.m. (SEE excerpt of order confirmation below.)

At the time I ordered it, they were only displaying availability for North America.



"Part Number: 269-08261
Product Name: Office Pro XP Win32 English Patch CD SP3
Qty: 1
Unit Price: 0.00
Item Total: 0.00

Subtotal: 0.00
Shipping: 0.00
Tax: 0.00
Total: 0.00 USD
(USD = US Dollar)"
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



