Free scanner+repair for infected JPEGs (MS04-028) [Archive] - SpeedGuide.net Broadband Community



hayc59
10-22-04, 11:08 PM
Free scanner+repair for infected JPEGs (MS04-028)
As many of you would know, there is a critical vulnerability that allows attackers to gain control over a remote system simply by enticing the victim into viewing a specially-crafted JPEG file.

A free scanner has now been released to help with the detection and disinfection/repair of JPEG files infected with MS04-028 exploit code. The scanner is available in both console and GUI user interfaces, and at less than 30kbs in size it's a quick download and easy to use. More information and the direct download link can be found here:
http://www.diamondcs.com.au/jpegscan/

Please help us spread the word, and please share with your friends and colleagues to help reduce their chance of infection. Enjoy the program.

Dark_Regent
10-23-04, 10:04 AM
I have a question on this. I am hoping you are referring to the GDI exploit and the XP SP2 fix, which I didn't download. But I think someone has gone just a wee bit overboard on this. When I had previously installed this detection tool, it was saying my own jpg images I had created myself were infected, which is a big load of hooey. So can anyone in the know please address this?

hayc59
10-23-04, 11:41 AM
Hello, Dark_Regent
I PMed Wayne over at Wilders for you, and on his behalf here is his reply:
Hi Dark_Regent,
We haven't received any reports yet of either false positives or missed detections, so if you could kindly email a couple of your JPEGs to jpegscan (at) diamondcs.com.au it would be very much appreciated and we'll be able to give you a more definitive answer. You also said that the detected JPEGs were ones that you created yourself so we'd very much like to know which program you used to create them. We've tried it against various JPEGs created with Adobe Photoshop, Paint Shop Pro and various other programs that allow images to be saved as JPEGs, and have never had any problems.

Thanks very much,
Wayne

P.S. If you would like, here is a link to Wilders on the subject matter
Wilders/Free scanner (http://www.wilderssecurity.com/showthread.php?t=51945)

WickedWandy
10-23-04, 12:11 PM
The jpeg exploit has been around a while... saw it a year ago @ http://www.hackology.com

hayc59
10-23-04, 12:47 PM
I'm not sure what particular exploit you're referring to (a site-specific Google search (http://www.google.com/search?as_q=JPEG&as_sitesearch=www.hackology.com) found nothing?), but this particular JPEG vulnerability is new (September 2004), unique, and critical. There have been known vulnerabilities in the past where, for example, a specially-crafted .BMP would cause the viewing program to crash, but this JPEG vulnerability also allows for code execution (simply by viewing the image or its thumbnail) which is why it's such a critical vulnerability.

Best regards,
Wayne

Dark_Regent
10-23-04, 09:23 PM
Well, 99% of mine are from my digital camera but I do use Paint Shop Pro to edit them. Every time I got the exploit was from my own site, which is an online gallery. You can find it here at http://www.ravenprom.org/gallery/

minir
10-24-04, 01:39 PM
Hi hayc59

Thanks for the Heads Up, much appreciated :)

---

regards

minir

hayc59
10-25-04, 01:26 AM
I've downloaded and scanned the entire http://www.ravenprom.org/gallery/data/media/1/ and /8/ directories but none of those JPEGs are detected as being infected, can you please provide a link to one? Thanks

Dark_Regent
10-25-04, 06:30 AM
Nope, I sure can't. When it happened my firewall just shut it all down. Can't say which pic was doing it. I have since then uninstalled the GDI update from Microsoft.
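
Added example, not part of the thread and not DiamondCS's scanner code: a minimal structural check for the malformed-segment condition publicly documented for MS04-028 (a JPEG comment segment whose length field is below 2). The `naive_scan` byte search and the three sample blobs are constructed for illustration; they show why walking segment boundaries matters when judging whether a detection on a clean image is a false positive.

```python
import struct

def _next_marker(data, pos):
    """Offset of the next real marker at or after pos (skips stuffed FF 00, fill FF, RSTn)."""
    while pos + 1 < len(data):
        nxt = data[pos + 1]
        if data[pos] == 0xFF and nxt not in (0x00, 0xFF) and not 0xD0 <= nxt <= 0xD7:
            return pos
        pos += 1
    return len(data)

def scan_jpeg(data):
    """Return [(offset, marker, declared_length)] for segments whose length field is < 2."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker, not a JPEG")
    findings, pos = [], 2
    while True:
        pos = _next_marker(data, pos)
        if pos + 4 > len(data) or data[pos + 1] == 0xD9:   # truncated or EOI
            return findings
        marker = data[pos + 1]
        if marker in (0x01, 0xD8):          # standalone markers carry no length
            pos += 2
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2:                      # length must count its own two bytes
            findings.append((pos, marker, length))
            pos += 4                        # untrusted length: resync from here
        else:
            pos += 2 + length               # for SOS, _next_marker then skips scan data

def naive_scan(data):
    """Raw byte search, shown for contrast; ignores segment boundaries."""
    return data.count(b"\xff\xfe\x00\x00") + data.count(b"\xff\xfe\x00\x01")

# Constructed samples (not real images): SOI, one segment, EOI.
SOI, EOI = b"\xff\xd8", b"\xff\xd9"
CLEAN = SOI + b"\xff\xfe\x00\x07hello" + EOI
# Clean file whose APP1 payload happens to contain the bytes FF FE 00 01.
LOOKALIKE = SOI + b"\xff\xe1\x00\x08" + b"ab\xff\xfe\x00\x01" + EOI
MALFORMED = SOI + b"\xff\xfe\x00\x00" + EOI

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN), ("lookalike", LOOKALIKE), ("malformed", MALFORMED)]:
        print(name, scan_jpeg(blob), "naive hits:", naive_scan(blob))
```
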