Jump to content


Photo

BMP Files May Contain New Virus

Started by smckillop , May 26 2004 10:50 AM

  • Please log in to reply
6 replies to this topic

#1 smckillop

smckillop

    Rockin' Apple of SWI

  • Retired Staff - Helper
  • PipPipPip
  • 143 posts

Posted 26 May 2004 - 10:50 AM

From Kaspersky Labs http://www.kaspersky...ws?id=148515536

Here's a tidbit

Kaspersky Labs, a leading information security software developer has detected a mass mailing of a new Trojan named Agent. Agent infects victim machines when users view graphics in BMP format.

Agent exploits a vulnerability in MS Internet Explorer versions 5.0 and 5.5 which allows malicious code to be launched on victim machines via modified BMP files. This vulnerability is a direct result of the Windows source code leak and was first detected on February 16, 2004.


Probably old news for some but I thought it may interest others here.
smckillop
He who has tasted a sour apple, will have the more relish for a sweet one.

If the information I have provided has been helpful, please consider Supporting SpywareInfo

#2 dave38

dave38

    Devout Murphyite!

  • Retired Staff
  • PipPipPipPipPip
  • 8,508 posts

Posted 26 May 2004 - 05:01 PM

MS Internet Explorer versions 5.0 and 5.5


That's the important point, right there!
Both those versions of IE are well past their sell-by date. Yet another reason to urge updates on any infected machine.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#3 Man_Beach

Man_Beach

    Member

  • Full Member
  • Pip
  • 18 posts

Posted 27 May 2004 - 05:49 AM

If this is the same thing, then I don't think that I've got too many worries in continuing to use IE5 -

TrojanDownloader.BMP.Agent.a

This TrojanDownloader expolits a vulnerability in MS Windows accessible during viewing BMP files.

To date Agent only affects Russian versions of MS Windows 2000.

Agent may cause email clients to close on other versions of Windows or in other operating systems.

Agent launches the UrlDownloadToFileA function and downloads another Trojan, Backdoor.Throd.a from the a1qwertya1.biz.ly site. Throd is saved on the c drive as \sys.exe and launched.



http://www.viruslist...html?id=1503649

#4 dave38

dave38

    Devout Murphyite!

  • Retired Staff
  • PipPipPipPipPip
  • 8,508 posts

Posted 27 May 2004 - 04:07 PM

bojemoi!
Be wary of strong drink. It may make you shoot at tax collectors, and miss!
Please support SWI forum

#5 wawadave

wawadave

    Advanced Member

  • Full Member
  • PipPipPip
  • 126 posts

Posted 27 May 2004 - 07:25 PM

one more picture exploit!
<b>MYTH!!!!
Putting quotes around posts does not protect you from copy right infringement.</b>
<img src="http://img54.photobu...r_wawadave.gif" border="0" alt="IPB Image" />

#6 Bladeoz

Bladeoz

    Member

  • Full Member
  • Pip
  • 13 posts

Posted 27 May 2004 - 11:25 PM

ever since around 1995 - I thought that image files were an issue... I've always thought that they could harbour viruses - let alone spyware and other little buggers :S Am I wrong?

(**probably eh?? LMFAO**)
Just watch'in a bad dream I never wake up from

#7 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • PipPipPipPipPip
  • 1,758 posts

Posted 31 May 2004 - 08:38 PM

There used to be an old JPEG virus hoax way back when... oh, well. At least any computer sold these days comes with IE6.

Of course, if you're using a _real_ browser such as Firefox, you won't have this problem.

And who uploads .BMP files anyways? JPGs and PNGs are so much less space-consuming.
Signature file is under revision. This will be back shortly.
Back to Security Warnings


  1. SpywareInfo Forum
  2. General Computing Issues
  3. Security Warnings
  4. Privacy Policy
Member of ASAP and UNITE
Support SpywareInfo Forum - click the button