- Panda Software warns of the imminent appearance
of viruses hiding in JPEG files -
Virus Alerts, by Panda Software
(http://www.pandasoftware.com)

MADRID, September 24, 2004 - Microsoft has recently reported a
vulnerability
called Exploit/MS04-028, affecting the process of viewing
JPEG files.
The
problem affects many of the company's applications including
Office XP,
Office 2003 or Windows XP.

When a user opens a JPEG image that has been specially
crafted to
exploit
the vulnerability, a buffer overflow occurs that could allow
malicious
action to be taken on the computer, including downloading
and running
of
files. For this reason, it was just a matter of time before
malicious
code
exploiting this flaw appeared.

PandaLabs has now detected the circulation of a kit, called
Constructor/JPGDownloader, for creating JPEG images that exploit
Exploit/MS04-028. This kit lets malicious users specify the
web page
from
which all kinds of applications could be downloaded simply
when the
unsuspecting victim opens the malicious JPEG file.

According to Luis Corrons, head of PandaLabs: "There is no
doubt that
virus
creators will take advantage of the new vulnerability and
will try to
launch
all kinds of viruses that exploit it. In particular, given
the nature
of the
problem, Trojans are a great threat, especially as they can go
unnoticed by
users but are frequently used by cyber-crooks for online
fraud. The
fact
that the files in question are JPEGs is another important
factor, as
they
are so frequently used in web pages or exchanged via email.
The scene
is
changing from one where worms used to pass themselves off as
images to
one
where the image is actually part of the worm".

To avoid viruses that use the Exploit/MS04-028
vulnerability, Panda
Software
offers the following advice:

- Find out if your computer is vulnerable and install the patch
provided by
Microsoft to correct the problem. To do this, go to:
http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

- Don't open JPEG files from unreliable sources, no matter
how you have
received them (floppy, CD-ROM, email, instant messaging,
chats, etc).

- Don't visit dubious web pages such as those dedicated to
hacking or
illegal downloads, etc.

In addition, if your system is protected by any Panda
Software product,
make
sure this protection is up-to-date. The company has made the
corresponding
updates available to clients to detect and block the
Exploit/MS04-028
vulnerability.

For more information on Exploit/MS04-028,
Constructor/JPGDownloader or
other
threats, go to Panda Software's Virus Encyclopedia at:
http://www.pandasoftware.com/virus_info/encyclopedia/