
Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

JPGTrojan.D

Threat Level: Moderate threat
Damage: High
Distribution: Not widespread
Common name: JPGTrojan.D
Technical name: Constructor/JPGTrojan.D
Threat level: Low
Type: Security Risk
Subtype: Virus Constructor
Effects:

It allows the creation of JPG images that exploit the Buffer Overrun in JPEG processing vulnerability, which would allow an attacker to gain remote access to the computer.

Affected platforms:

Windows 2003/XP/2000/NT/ME/98/95

First detected on: Oct. 13, 2004
Detection updated on: Oct. 13, 2004
Statistics: No

Brief Description 

    

JPGTrojan.D is a program for creating images in JPG format that attempt to exploit the vulnerability described in Microsoft bulletin MS04-028, Buffer Overrun in JPEG processing. This program is very similar to a previous variant, called JPGTrojan.C.

JPGTrojan.D offers several payloads to be included in the malicious JPG image:

  • Open a command console on the affected computer.
  • Add a new user called ASP32.NET to the affected computer and grant this user administrator rights.
  • Specify a port to be opened, in order to allow remote access to the affected computer.
  • Specify a remote IP address and a port and establish a connection.
  • Download an executable file from the Internet and run it on the affected computer.

These malicious JPG images would then be distributed using several different methods. When such a specially crafted JPG image is opened using a vulnerable application, the code embedded in it would be executed, thus compromising the computer.

However, JPGTrojan.D is full of programming errors, and as a result, only the images with the first payload successfully exploit the vulnerability. Even in this case, it does not pose a threat to the user, as it cannot be used to carry out remote attacks or compromise system security.

 

It is strongly recommended that you visit Microsoft's official website and check whether any application vulnerable to Buffer Overrun in JPEG processing is installed on your computer, and if so, apply the corresponding security patch.

Visible Symptoms 

    

JPGTrojan.D is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.