Welcome to the Virus Encyclopedia of Panda Security.
JPGTrojan.C allows the creation of JPG images that exploit the Buffer Overrun in JPEG processing vulnerability, which could allow an attacker to gain remote access to the computer.
| First detected on: | Oct. 5, 2004 |
| Detection updated on: | Oct. 5, 2004 |
JPGTrojan.C is a program for creating images in JPG format that exploit the vulnerability described in the Microsoft bulletin MS04-028, Buffer Overrun in JPEG processing.
JPGTrojan.C offers several payloads to be included in the malicious JPG image:
- Add a new user to the affected computer and grant this user administrator rights.
- Specify a port to be opened, in order to allow remote access to the affected computer.
- Specify a remote IP address and a port and establish a connection.
- Download an executable file from the Internet and run it on the affected computer.
These malicious JPG images are then distributed using several different methods. When such a specially crafted JPG image is opened using a vulnerable application, the code included within is executed, thus compromising the computer.
However, some of these payloads can only be carried out if the language of the operating system is English and a specific version of the dynamic link library (DLL) GDIPLUS.DLL is installed on the computer.
It is highly recommended to visit Microsoft's official website and check whether any application vulnerable to Buffer Overrun in JPEG processing is installed on your computer, and if so, to apply the corresponding security patch.
JPGTrojan.C is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.