JPGTrojan.D is a program for creating images in JPG format that attempt to exploit the vulnerability described in Microsoft bulletin MS04-028, Buffer Overrun in JPEG processing. It is very similar to a previous variant, JPGTrojan.C.
JPGTrojan.D offers several payloads to be included in the malicious JPG image:
- Open a command console on the affected computer.
- Add a new user called ASP32.NET to the affected computer and grant this user administrator rights.
- Specify a port to be opened, in order to allow remote access to the affected computer.
- Specify a remote IP address and a port and establish a connection.
- Download an executable file from the Internet and run it on the affected computer.
These malicious JPG images would then be distributed using several different methods. When such a specially crafted JPG image is opened using a vulnerable application, the code included within it should be executed, thus compromising the computer.
However, JPGTrojan.D is full of programming errors, and as a result, only the images with the first payload successfully exploit the vulnerability. Even in this case, it does not pose a threat to the user, as it cannot be used to carry out remote attacks or compromise system security.
It is highly recommended to visit Microsoft's official website and check whether any application vulnerable to Buffer Overrun in JPEG processing is installed on your computer, and if so, apply the corresponding security patch.