Software flaw opens door to global cyber attack


Friday, September 24th, 2004

Gillian Shaw
Sun

Cyber attackers are gearing up to launch a new assault on the Internet, exploiting a flaw in the handling of a popular graphics format to deliver viruses and Trojan horses to computers around the world.

Hackers were scrambling to take advantage of the flaw after code to exploit it was created and posted online Wednesday. Sample programs published on the Internet indicate the flaw could allow outsiders to take over machines, adding them to their vast armies of remotely controlled robot computers. It could also be used to launch denial of service and other cyber attacks.

Security experts say the threat, which centres around the opening of JPEGs, a graphics format in widespread use, is of particular concern because it can be spread in a number of ways — including simply through the viewing of web pages. In e-mail, it can be triggered even if users don’t open attachments in their mailboxes.

The flaw can be fixed through the Windows operating system Service Pack 2, but Symantec Corp., which specializes in information security, warns the vulnerability can also show up in other third-party software.

“It is a serious threat,” said Dee Liebenstein, product manager for Symantec’s DeepSight Threat Management System. “One of our concerns is that it can be used over and over again.

“You can patch your operating system, but this component is actually used in many different applications, not only by Microsoft, so there is a risk that you will patch your Microsoft operating system and later install a different application that has this same vulnerability.”

Liebenstein said the flaw has also elicited a particularly rapid reaction from hackers. The lag time between the release of the vulnerability and the release of code to take advantage of it was barely two days, down from an average of six days.

“We saw this exploit code come out within a couple of days of the vulnerability being exposed,” said Liebenstein. “It happened very fast.”

“It is one of the faster ones, and that is one of the reasons it is a big concern for everyone,” said Ryan Purita, senior security consultant with Vancouver’s Totally Connected Security. Purita said that while the Windows Service Pack 2 is available, there can be a lag time before corporate users install the update. The quick turnaround time between the release of the vulnerability and the code to exploit it puts corporations at even more risk.

“With corporations, it could be months before they roll it out and properly test it,” Purita said of the software update.

“This forces people to update almost immediately or they’ll get exploited.”

Purita said it is the first time he is aware of JPEGs being used to transport malicious code.

“I’ve never heard of a JPEG [Joint Photographic Experts Group] being able to carry a virus,” he said.

Purita said while some network administrators block JPEGs if their company doesn’t have any need for the format, virus writers have demonstrated they are able to get around that measure simply by changing the name of the file to any format that includes an image viewer. That could be something as innocuous as a Word file.

JPEGs can also be transmitted in the text of messages and Purita said attackers could make the JPEGs transparent, so a reader, on opening an e-mail, wouldn’t even be aware that a JPEG file had been activated and the rogue program installed on the computer.

“This is going to be a nasty one because it is so simple,” said Purita.

Liebenstein said computer users who adopt the following best practices considerably reduce their risk:

– Update your computer with any patches that are available for the software applications you are running. Windows operating systems have an update button under the Start menu to take you to the Windows update website, or you can find a link to it through www.microsoft.com.

– Turn off HTML in your e-mail so your e-mail won’t be able to open JPEG files within the text of a message.

– Update your anti-virus checker and firewall.

– Visit only websites that you know to be reputable.

© The Vancouver Sun 2004


