New ICQ Worm, Win32\Stration

It comes as a URL from infected users and leads to a JPG file which, unless protected, runs something somehow and blows everything up.

I didn’t get infected, I never do, so I was hoping anybody here was infected and figured a way to clean your system.

Asking for my friends, btw.

The JPG file format allows for a hidden data stream. They call data held in these hidden streams metadata. It’s meant to be used by authors for their stuff & for cameras to store any picture data. Anyway, long story short… worms have been found in JPG hidden data streams. I’m not 100% sure how they are executed… But, I suspect it will be some sort of buffer overflow attempt on the client reading the JPG file (and the metadata) & a subsequent code-injection… if it succeeds.

The following URL is for a tool called JPEGScan & it scans for these hidden data streams.

        http://www.diamondcs.com.au/jpegscan/

If WinXP/2000 is up-to-date this problem has been patched, I think.

cheers, rotty
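A sketch of the structural check a scanner for JPEG metadata segments could perform, added here as an example (it is not part of the posts above and is not JPEGScan's code): it walks the marker segments, lists the APPn/COM metadata segments, and flags invalid length fields and data appended after the end-of-image marker. The function names and the sample byte strings are constructed for illustration.

```python
# Markers with no length field: TEM, RST0-RST7, SOI
STANDALONE = {0x01, 0xD8} | set(range(0xD0, 0xD8))

def seg(marker, payload):  # helper that builds one segment for the samples below
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

def scan_jpeg(data):
    """Return (metadata, findings): APPn/COM segments and structural anomalies."""
    metadata, findings = [], []
    if data[:2] != b"\xff\xd8":
        return metadata, ["missing SOI marker, not a JPEG"]
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            findings.append(f"offset {pos}: expected a marker")
            break
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
        elif marker == 0xD9:                    # EOI: anything after it is extra
            if len(data) > pos + 2:
                findings.append(f"{len(data) - pos - 2} bytes after EOI")
            break
        elif marker in STANDALONE:
            pos += 2
        else:
            length = int.from_bytes(data[pos + 2:pos + 4], "big")
            # The length field counts its own two bytes, so < 2 is never valid.
            if length < 2 or pos + 2 + length > len(data):
                findings.append(f"offset {pos}: marker 0x{marker:02X} bad length {length}")
                break
            if marker == 0xFE or 0xE0 <= marker <= 0xEF:
                name = "COM" if marker == 0xFE else f"APP{marker - 0xE0}"
                metadata.append((name, pos, length - 2))
            pos += 2 + length
            if marker == 0xDA:                  # SOS: skip entropy-coded data
                while pos + 1 < len(data) and not (data[pos] == 0xFF and
                        data[pos + 1] not in (0x00, 0xFF, *range(0xD0, 0xD8))):
                    pos += 1
    else:
        findings.append("no EOI marker found")
    return metadata, findings

# Constructed samples (not real images, not taken from the thread).
BODY = seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\xff\x00\x34" + b"\xff\xd9"
CLEAN = b"\xff\xd8" + seg(0xE0, b"JFIF\x00") + seg(0xFE, b"hello") + BODY
BAD_LEN = b"\xff\xd8" + b"\xff\xfe\x00\x01" + BODY
APPENDED = CLEAN + b"MZ" + b"\x00" * 30
```

A clean result here only means the segment layout is well formed; it says nothing about whether the viewer that opens the file is patched.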

MS patch for this was issued in December 2004. If your friends have been stung, it’s because they aren’t patched.

Ewen :slight_smile: