According to Mikko Hypponen, director of antivirus research at F-Secure, antivirus software will struggle to find JPEG malware because by default it scans only .exe files.
"Normal antivirus software by default will not detect JPEGs," said Hypponen. "You can set your antivirus scanner to look for JPEG, but the trouble is that you can change the file extension on a JPEG to so many things."
There are around 11 file extensions a JPEG can be renamed to, such as .icon or .jpg2. Hypponen said that scanning for all of them would make searching for malicious JPEGs even harder, because it could consume a significant amount of valuable processor power.
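As an added example (not code from the article or from F-Secure), the following Python script shows the check a practitioner would want after Hypponen's point about extensions: it identifies JPEGs by content (the leading SOI marker) rather than by file name, walks the marker segments, and reports files whose extension disagrees with their content as well as files whose segment lengths are structurally invalid. The extension list, the constructed sample files and their names are assumptions made for the example; the malformed sample simply carries a length field below the minimum the JPEG format allows and is not an exploit.

```python
import os
import struct
import tempfile

# Extensions an extension-keyed scanner would normally treat as JPEG.
# Assumed for the example; the article only says around 11 such extensions exist.
JPEG_EXTENSIONS = {".jpg", ".jpeg", ".jpe", ".jfif"}

# Markers that carry no length field: SOI, EOI, TEM, RST0-RST7.
STANDALONE_MARKERS = {0xD8, 0xD9, 0x01} | set(range(0xD0, 0xD8))


def is_jpeg_by_content(data):
    """Identify a JPEG by its leading SOI marker (FF D8 FF), ignoring the file name."""
    return data[:3] == b"\xff\xd8\xff"


def walk_segments(data):
    """Return [(marker, length)] for each marker segment up to Start Of Scan.

    Raises ValueError if the data is not a JPEG or a segment is structurally
    invalid (length field below 2, or a segment running past end of data).
    Entropy-coded data after SOS is not segment-structured, so the walk stops there.
    """
    if not is_jpeg_by_content(data):
        raise ValueError("not a JPEG: missing SOI marker")
    segments, pos = [], 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected marker byte 0xFF at offset %d" % pos)
        while pos + 1 < len(data) and data[pos + 1] == 0xFF:  # skip optional fill bytes
            pos += 1
        if pos + 2 > len(data):
            break
        marker = data[pos + 1]
        if marker in STANDALONE_MARKERS:
            segments.append((marker, 0))
            pos += 2
            if marker == 0xD9:  # EOI
                break
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated length field at offset %d" % pos)
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        # The length field counts its own two bytes, so the format minimum is 2.
        if length < 2:
            raise ValueError("segment 0x%02X at offset %d has invalid length %d" % (marker, pos, length))
        if pos + 2 + length > len(data):
            raise ValueError("segment 0x%02X at offset %d runs past end of data" % (marker, pos))
        segments.append((marker, length))
        if marker == 0xDA:  # SOS: scan data follows, stop walking
            break
        pos += 2 + length
    return segments


def classify_file(path):
    """Classify a file by its content first, then compare with what its extension claims."""
    with open(path, "rb") as f:
        data = f.read()
    if not is_jpeg_by_content(data):
        return "not-jpeg"
    try:
        walk_segments(data)
    except ValueError:
        return "malformed-jpeg"
    ext = os.path.splitext(path)[1].lower()
    return "jpeg" if ext in JPEG_EXTENSIONS else "disguised-jpeg"


def scan_directory(root):
    """Classify every file under root by content; results keyed by file name."""
    results = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            results[name] = classify_file(os.path.join(dirpath, name))
    return results


def build_minimal_jpeg(comment_length_field=None):
    """Construct a tiny JPEG-structured byte string (constructed sample, not a real photo).

    comment_length_field overrides the COM segment's length field so that a
    structurally invalid file can be produced for exercising the walker.
    """
    app0_payload = b"JFIF\x00" + bytes([1, 1, 0]) + struct.pack(">HH", 1, 1) + bytes([0, 0])
    app0 = b"\xff\xe0" + struct.pack(">H", 2 + len(app0_payload)) + app0_payload
    comment = b"constructed sample"
    length = 2 + len(comment) if comment_length_field is None else comment_length_field
    com = b"\xff\xfe" + struct.pack(">H", length) + comment
    sos_payload = bytes([1, 1, 0x00, 0, 63, 0])  # one-component baseline scan header
    sos = b"\xff\xda" + struct.pack(">H", 2 + len(sos_payload)) + sos_payload
    scan_data = b"\x00" * 8  # placeholder entropy-coded bytes (no 0xFF, so no marker confusion)
    return b"\xff\xd8" + app0 + com + sos + scan_data + b"\xff\xd9"


def build_samples(directory):
    """Write constructed samples: a proper JPEG, the same bytes renamed, a malformed JPEG, plain text."""
    good = build_minimal_jpeg()
    samples = {
        "good.jpg": good,
        "hidden.txt": good,  # renamed; an extension-keyed scanner never looks at it
        "bad.jpg": build_minimal_jpeg(comment_length_field=1),  # length below the format minimum
        "notes.txt": b"just some text\n",
    }
    for name, data in samples.items():
        with open(os.path.join(directory, name), "wb") as f:
            f.write(data)
    return samples


def demo():
    """Build the samples in a temporary directory and return their content-based verdicts."""
    with tempfile.TemporaryDirectory() as d:
        build_samples(d)
        return scan_directory(d)


if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print("%-12s %s" % (name, verdict))
```

Running the script classifies hidden.txt as a disguised JPEG even though no extension list would catch it, which is the gap Hypponen describes; a scanner that keys on the SOI marker and validates segment structure pays the parsing cost once per file rather than once per possible extension.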
Internet Explorer processes JPEGs before it caches them, which means a desktop could be infected before a file-based antivirus scanner had a chance to examine the image.
"This means that it is not enough to scan at the desktop," said Hypponen. "You have to scan at the gateway, but this will put a huge load on your bandwidth."
Hypponen said that he expected a virus attack using the exploit to occur soon: "There has been so much interest in this vulnerability that someone is bound to do this. But saying that, there was a similar vulnerability found two months ago in Bitmaps, and no one has exploited that yet."
Yesterday code that exploits the way Microsoft Windows processes JPEGs was posted to U.S. newsgroup Easynews. Hypponen wrote on the F-Secure weblog that this was not a virus because it had no way of spreading. In order for the code to infect a machine, a user must download the file, which purports to be an image, and view it in Windows Explorer.
Yesterday Microsoft hit back at critics over its handling of the vulnerability. In a prepared press statement, it said: "Microsoft does not consider this a high risk to customers given the amount of user action required to execute the attack and is not currently aware of any significant customer impact. We will continue to investigate the situation and provide customers with additional resources and guidance as necessary."
Additional reporting by Rob Lemos of ZDNet UK sister site CNET News.com

Talkback
The basic problem is that all worm attacks since MS Blaster have, in one way or another, been testing various methodologies that can be used to create multiple DDoS/DoS attacks, stealth through network security devices, discover and attack key AV/security vendor appliances or software, conduct external queries, and copy key spyware concepts such as "blended attacks" or "drive-by downloads" so one can conduct extortion attempts or ID theft, and it is being done by what I would now term "virtual attack machines". These are the thousands of infected but dormant PCs (bots) globally that can now literally be turned on or off at will, and where one can purchase on some sites entire lists of "bots".
Even one of the latest worms carried the first ever "sniffer" filter. So in fact the concept of criminally organized and supported cyberwarfare is now upon us.
The leading AV/security vendors do not have an answer to how to defend against a "virtual attack". Here is a great comment from a leading AV vendor that seems to be saying the same thing, though it would never publicly admit the concept of a "virtual attack machine", as it has no answer to it either.
“Bot (or zombie) networks create unique problems for organisations and individual PC users as systems can be automatically upgraded with new exploits very quickly, allowing attackers to outpace efforts to patch or download security updates.”
So what is the answer from the AV and security vendors? Is the security paradigm of "defense in depth" actually outdated, even though millions have been spent on it, and in fact more millions spent on it this year?
Is it not time to recognize the failure, get creative, and demand from the security vendors a truly "adaptive or mutating security layer" that follows the concept "from the core to the edge, in real time and proactive", core meaning the network services being provided to an end user wherever they are located?
Actually all the elements are in fact available to put an early warning system in place immediately, including a very creative mutating AI, but the leading security vendors simply do not want to use them, as they mostly come from innovative smaller companies.
From a networker of 15 years who cannot believe security has actually gone backwards, not forwards, in the last 12 months.