@RISK Online - The Security Blog

Web Hosting by Netfirms | Free Domain Names by Netfirms

[Previous entry: "Politics... Ugh!"] [Main Index] [Next entry: "SchmooCon 2005 Comes To Washington DC"]

09/28/2004: "JPEG Virus on the loose. Don't Panic... Prepare!"

Reports have come in about a JPEG virus released to USENET earlier this week. This actually appears to be primarily a trojan and not a worm, but future variants could include propogation capabilities. It's reported that the infected computers so far are being controlled by one individual.

The SANS Internet Storm Center has released a tool called GDIScan that will check for any programs that might be using an exploitable version of the GDI driver.

Is this the next Code-Red or Slammer? It's too early to tell. But, Please, don't panic... Prepare!

1. Determine your exposure. Are you vulnerable? Use the GDIScan tool and take a look at your systems.
   
2. Apply the appropriate security patches. Start testing and deploying these patches NOW. The exploits are propagating already.
   
3. Update your virus signatures. Do this on a regular basis, but especially at a time when an exploit of this nature has started its life cycle.
   
4. Be alert. Monitor traffic patterns, firewall and IDS logs, etc. Watch for abnormal traffic patterns or surges. Track your Helpdesk support calls. Is there a new trend developing in the calls? Users may not know what the problem is, but they may alert you indirectly.
   

Navigation:

My Blogroll:

Security Advisories:

Defacements Archive:

Security News:

Security Tools: