Windows Flaw Lets Viruses Spread Via JPEGs

It's one thing to say a particular image bugs you, but it's something else again for someone to take it a little too literally: Hackers are believed closer to figuring out how to spread computer viruses just by getting you to open an e-mail or visit a Website that includes a contaminated .jpeg image.

Several computer security experts are warning that a new security flaw in Microsoft Windows XP and Server 2003 is exposed to new tools the hacker world is developing to take control of people's computers. The flaw is in the computer code that displays .jpeg image files, and it lets hackers embed viruses in digital photographs that strike the minute you visit an infected Website or open a specially designed e-mail.

Microsoft identified the flaw a week ago and has since issued a patch for it, but the flaw highlights a shift in how security experts are urging less tech-savvy Netizens to stay safe, according to several reports. "We always said there's no way you can be infected [with a computer virus] just by looking at a photograph online, but now it looks like we may have to eat our words on that," Marcus Sachs of the SANS Internet Storm Center, a former White House cyberspace security advisor, told reporters. "This year we've seen a lot of changes to the fundamental ways we thought we were secure."

TruSecure Corp. chief scientist Russ Cooper believes it's pretty likely you'll see one or another kind of malicious code target the Microsoft flaw "very soon. The security hole is just too attractive for the bad guys to pass up."

The Washington Post said this kind of malware infection could "give new life to a kind of Internet threat that so far has been the stuff of myths and hoaxes. For years, Internet chain letters have warned users to be on the lookout for viruses or worms that can wreak digital havoc just by getting people to open an e-mail message. In reality, most viruses arrive as e-mail attachments and do not activate unless the user opens the attachment."

Cooper said most companies don't really see digital images as virus threats and usually let them pass unimpeded through corporate firewalls, but the Post said security experts' fears stem from a big change in how fast virus writers jump on discovered vulnerabilities to take over home and business computers alike. Norton AntiVirus maker Symantec earlier this week issued a six-month analysis saying it is now less than six days between the announcement of a software flaw and the arrival of malware aimed at exploiting it.