BMP Files May Contain New Virus

#1 smckillop

Rockin' Apple of SWI

Retired Staff - Helper
143 posts

Posted 26 May 2004 - 11:50 AM

From Kaspersky Labs http://www.kaspersky...ws?id=148515536

Here's a tidbit

Kaspersky Labs, a leading information security software developer has detected a mass mailing of a new Trojan named Agent. Agent infects victim machines when users view graphics in BMP format.

Agent exploits a vulnerability in MS Internet Explorer versions 5.0 and 5.5 which allows malicious code to be launched on victim machines via modified BMP files. This vulnerability is a direct result of the Windows source code leak and was first detected on February 16, 2004.

Probably old news for some but I thought it may interest others here.

smckillop
He who has tasted a sour apple, will have the more relish for a sweet one.

If the information I have provided has been helpful, please consider Supporting SpywareInfo

#2 dave38

Devout Murphyite!

Retired Staff
8,508 posts

Posted 26 May 2004 - 06:01 PM

MS Internet Explorer versions 5.0 and 5.5

That's the important point, right there!
Both those versions of IE are well past their sell-by date. Yet another reason to urge updates on any infected machine.

Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#3 Man_Beach

Member

Full Member
18 posts

Posted 27 May 2004 - 06:49 AM

If this is the same thing, then I don't think that I've got too many worries in continuing to use IE5 -

TrojanDownloader.BMP.Agent.a

This TrojanDownloader expolits a vulnerability in MS Windows accessible during viewing BMP files.

To date Agent only affects Russian versions of MS Windows 2000.

Agent may cause email clients to close on other versions of Windows or in other operating systems.

Agent launches the UrlDownloadToFileA function and downloads another Trojan, Backdoor.Throd.a from the a1qwertya1.biz.ly site. Throd is saved on the c drive as \sys.exe and launched.

http://www.viruslist...html?id=1503649

#4 dave38

Devout Murphyite!

Retired Staff
8,508 posts

Posted 27 May 2004 - 05:07 PM

bojemoi!

Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#5 wawadave

Advanced Member

Full Member
126 posts

Posted 27 May 2004 - 08:25 PM

one more picture exploit!

<b>MYTH!!!!
Putting quotes around posts does not protect you from copy right infringement.</b>
<img src="http://img54.photobu...r_wawadave.gif" border="0" alt="IPB Image" />

#6 Bladeoz

Member

Full Member
13 posts

Posted 28 May 2004 - 12:25 AM

ever since around 1995 - I thought that image files were an issue... I've always thought that they could harbour viruses - let alone spyware and other little buggers :S Am I wrong?

(**probably eh?? LMFAO**)

Just watch'in a bad dream I never wake up from

#7 Tuxedo Jack

Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

Expert
1,757 posts

Posted 31 May 2004 - 09:38 PM

There used to be an old JPEG virus hoax way back when... oh, well. At least any computer sold these days comes with IE6.

Of course, if you're using a _real_ browser such as Firefox, you won't have this problem.

And who uploads .BMP files anyways? JPGs and PNGs are so much less space-consuming.

Signature file is under revision. This will be back shortly.