Never Ending Story
Looks like Microsoft is having problems with it’s latest and greatest behemoth update to WinXP as security experts have already found a hole that lets malicious programs hide as images that automatically install and then run when Windows is re-started. The funny thing too, is that the ability to hide executables in files with a .jpg (or any other extension for that matter) has been around a long time. Knock on wood, but still gliding along with Zone Alarm and a good Lynksys router myself and not entrusting security to my operating system by itself. Firewalls and routers have nothing to do with the exploit above of course, best remedy is to not go to web sites that are of dubious nature to not have that happen.
The bug works on systems patched with SP2. When an infected system is re-booted, the planted program will run.
The loophole, which strikes when files are dragged and dropped from the net on to a local zone, was found by an ethical hacker who goes by the handle of http-equiv. A demonstration of the bug has been posted on the Malware website.
“Given the significant amount of user action required to execute an attack, Microsoft does not consider this to be a high risk for customers,” said Paul Randle, head of all things XP at Microsoft UK.
Hmmm, is he saying that dragging and dropping a file from one window to another is a “significant amount of user action”? As it seems that the general population see no difference between thier internet browser window and a window on thier desktop, good old Mr. Randle is talking through his hat.