Re: Infected jpeg files?

From: Pete Simpson (pete.simpsonat_private)
Date: Mon Nov 12 2001 - 05:04:19 PST


    It is possible to stash malware e.g. bo2k.exe in a zip file and use the DOS
    copy command to prepend some innocuous jpg.  "copy apic.jpg + bo2k.zip
    bo2k.jpg /b".  The resultant file renders as a jpg in IE, but the jpg part
    is completely ignored when you open as an archive under winzip.
    
    This doesn't mean that an unsuspecting user could trigger the malware, but
    it does mean that malware can be easily moved around an organisation under
    the guise of some innocuous jpg.  This technique has been used for some time
    for the purposes of disguising pirate software.
    
    --------------------------------
    Pete Simpson
    Threat Lab Manager
    Research Department
    Baltimore Technologies Content Security Group
    
    
    



    This archive was generated by hypermail 2b30 : Mon Nov 12 2001 - 08:37:59 PST
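The behaviour Pete describes (WinZip ignoring the JPEG prefix) follows from how ZIP readers work: they locate the End of Central Directory record from the end of the file and compute where the archive really starts, so anything in front of it is invisible. The check below, an added example and not code from the original post, uses that same lookup from the defender's side to flag a "JPEG" that carries a trailing archive. The sample bytes (`FAKE_JPEG`, `payload.txt`) are constructed stand-ins, not a real image.

```python
import io
import struct
import zipfile

# Constructed stand-in for the innocuous picture: SOI, a JFIF APP0 segment, EOI.
# Not a decodable image, but it starts the way a real JPEG does.
FAKE_JPEG = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
             b"\xff\xd9")
JPEG_SOI = b"\xff\xd8\xff"
ZIP_EOCD = b"PK\x05\x06"          # End of Central Directory signature


def build_sample_polyglot() -> bytes:
    """Constructed test input laid out the way 'copy apic.jpg + x.zip out.jpg /b'
    would: picture bytes first, then a ZIP archive with one harmless entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("payload.txt", "harmless placeholder text")
    return FAKE_JPEG + buf.getvalue()


def find_appended_zip(data: bytes):
    """If a JPEG-looking blob carries a ZIP archive, return (archive_offset,
    member_names); otherwise None. Mirrors what a ZIP reader does: find the
    EOCD near the end, then derive where the archive begins."""
    if not data.startswith(JPEG_SOI):
        return None
    # EOCD is 22 bytes plus an optional comment of at most 65535 bytes.
    eocd = data.rfind(ZIP_EOCD, max(0, len(data) - 65557))
    if eocd < 0:
        return None
    # EOCD layout: sig(4) disk(2) cd_disk(2) n_here(2) n_total(2)
    #              cd_size(4) cd_offset(4) comment_len(2)
    cd_size, cd_offset = struct.unpack_from("<II", data, eocd + 12)
    # cd_offset is relative to the archive start, so the prefix length is:
    zip_start = eocd - cd_size - cd_offset
    if zip_start <= 0 or data[zip_start:zip_start + 2] != b"PK":
        return None                 # stray 'PK\5\6' inside image data, not an archive
    # A ZIP reader opens the whole blob happily; the JPEG prefix is skipped.
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    return zip_start, names


if __name__ == "__main__":
    off, names = find_appended_zip(build_sample_polyglot())
    print(f"archive hidden at offset {off}, members: {names}")
```

A real scanner would apply the same check to any file whose extension is an image or document type, and treat a positive as a content-policy hit rather than trusting the extension.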