Major Computer Virus Attack Could Hit Within a Week

A new "tool" is surging across the Web that hackers can use to exploit security flaws recently found in several products from Microsoft Corp.


Computer users, beware -- a major virus attack is coming, perhaps within the week. The reason: A new "tool" is surging across the Web that hackers can use to exploit security flaws recently found in several products from Microsoft Corp.

Web watchers issued dire warnings over the weekend and urged PC users to repair the flawed programs immediately after JPGDown.a, also known as JPGDownloader, appeared soon after Microsoft posted patches on its Web site.

Typically, it takes about six days after Microsoft announces a product flaw for virus writers to develop customized codes to exploit it. But JPEGs historically have posed little security risk, and many people have yet to install the patches. Those factors combined greatly expand the threat potential, encouraging hackers to move quickly.

The flaws in question affect Microsoft programs that handle JPEG-formatted image files -- files with a ".jpg" extension after their name. Opening a malformed JPEG subsequently opens a program hole through which virus writers can inject malicious code.

"If a user is logged on with administrator privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges," Microsoft said in a statement.

Not just any malformed JPEG does this; only JPEGs specifically modified with the tool trigger the flaws, and users must first open the files with either Microsoft's Internet Explorer Web browser or Outlook e-mail program. The JPEGs typically come attached to unsolicited e-mail or lurk in Web pages that the unscrupulous lure the unsuspecting into visiting.

Alarms of a comprehensive Web-wide attack began sounding online early Saturday, popping up atop a variety of industry trade journals and Web logs, urging PC users to update their Windows operating systems and Office productivity software without delay.

Although the operating systems by themselves aren't at risk, they're made vulnerable by running any of the flawed programs.

Those programs include Microsoft Office XP and 2003, Digital Image Pro, all versions of Picture It!, and Visual Studio.NET 2003 and 2002. Only Windows XP Service Pack 2 isn't affected.