Computer Underground Pounds Windows Source Codes

17 Feb 2004
Virus News

Kaspersky Lab, a leading information security software developer, warns users about a new vulnerability in Internet Explorer (5.0, 5.5 and 6.0) and Outlook Express 5.0. The new vulnerability allows cyber-criminals to launch malicious programs on breached computers using files in BMP format.

The vulnerability was discovered by an unknown individual nicknamed 'GTA' and published on several security web sites. The author provided an example of a possible attack and went on to comment that the proposed scenario was based on a detailed analysis of the Windows source code.

"This report confirms our worst fears; the computer underground is pouncing on the Windows source code in search of new attack methods. The speed at which the first discovery appeared forces us to seriously re-evaluate the immediate future of the Internet", comments Eugene Kaspersky, Head of Anti-Virus Research at Kaspersky Lab. "From now on, we can expect similar surprises any minute."

The lack of patches for Internet Explorer and Outlook Express makes this new vulnerability particularly dangerous. Only users who have Windows XP with Service Pack 1 can relax for now: tests have demonstrated that this configuration is immune.

At the same time, the new vulnerability poses a serious threat to all Internet users. It turns out that virus writers can create BMP files which load malicious programs onto victim machines while users are looking at images. In fact, infection can occur both while reading mail in Outlook and while surfing the web.

"At this point in time, we have not detected any viruses that use this exotic new method to attack computers. However, the chances of one appearing in the near future are very real indeed", added Eugene Kaspersky.

Kaspersky Lab has already released a special anti-virus database update protecting against malicious programs utilizing this vulnerability. The contents of BMP files are scanned and potentially dangerous objects are detected when they attempt to breach computers via either the Internet or emails.