Author Topic: xp service pack 2  (Read 992 times)

Offline Eagler

  • Plutonium Member
  • *******
  • Posts: 18221
correct
« Reply #30 on: June 01, 2005, 11:42:40 AM »
they are butterflies in disguise :)
"Masters of the Air" Scenario - JG27


Intel Core i7-13700KF | GIGABYTE Z790 AORUS Elite AX | 64GB G.Skill DDR5 | 16GB GIGABYTE RTX 4070 Ti Super | 850 watt ps | pimax Crystal Light | Warthog stick | TM1600 throttle | VKB Mk.V Rudder

Offline StarOfAfrica2

  • Platinum Member
  • ******
  • Posts: 5162
      • http://www.vf-17.org
xp service pack 2
« Reply #31 on: June 01, 2005, 12:19:35 PM »
Quote
Originally posted by Elyeh
Yes and no....
The virus is an exe disguised to look as a .jpg

According to the article it could happen. It says it WOULD be stored as a normal.jpg file.

It seems that it's still speculation. Article never claimed it has actually been done yet..... Just it could happen

 As of right now though,  the .jpg is harmless.... it's the code added to it that makes it become a virus.

Not to dispute this, and I agree it's something to watch for.

The only point I was trying to make was that a plain ole .jpg is harmless. I had the feeling that the poster was maybe paranoid to open a .jpg file based on what they read.

I was just letting him know that 99.9% a .jpg is just that....
a data file.

It would be like saying if I open my eyes I'll get blinded.....
Yes and no. It depends what I look at when I open them.

Key points to follow.....
If you don't recognize the sender.... delete the email if it has an attachment.

look at the properties of the attachment. If you don't recognize it don't open it.

SOA2....... I enjoy these debates,
thanks


Elyeh I think you are confusing two different kinds of issues.  IIRC there was a previous problem where you would click on a link that was actually an .exe file disguised to look like you were downloading a .jpg.  This was an executable file.  The second kind is actually a downloaded file (not executed by clicking on anything) that saves as a .jpg, but when certain preset conditions are met the file executes itself and does its work.

It may be a matter of semantics if you execute it by clicking on the link or if the file executes itself after downloading.  But the big difference is the first is a common type of infection, and everyone is vulnerable if they click on links without knowing what they are clicking.  The second you are only vulnerable to if you try to view the .jpg file in a viewer with the vulnerable .dll file as its instructions.  If you have downloaded the fix, you are no longer vulnerable to this file, no matter if it is infected or not.

Offline Elyeh

  • Nickel Member
  • ***
  • Posts: 362
xp service pack 2
« Reply #32 on: June 01, 2005, 12:40:46 PM »
Ok got ya....

So the jpeg has a .dll in it that promotes the virus.

So does it keep its .jpg extension, or does this file have its own extension as its now a modified .jpeg?

Now to mix it up some...did they say this could be done to a .bmp or .gif?

I would think a .gif would be a better target as many websites use animated gifs. You wouldn't think twice about a small gif image.

Maybe the size of the .dll code is too big for a gif

Offline StarOfAfrica2

  • Platinum Member
  • ******
  • Posts: 5162
      • http://www.vf-17.org
xp service pack 2
« Reply #33 on: June 01, 2005, 02:03:01 PM »
No, the .jpg itself does not contain the .dll.  The vulnerable .dll was shipped in certain picture viewing and editing software.  This .dll was (IIRC) part of the .NET code, and it left certain things open on your computer to an outside user.  If you have an unpatched version of any of these programs (and you can look on microsoft.com, the list is extensive) AND you have not upgraded to the microsoft security patch that fixed it, AND you download one of these fake .jpg files, a hacker can then enter and take over your computer once you use the viewer to try to view the picture.  Several aftermarket picture editing programs had their manufacturers issue patches to fix their own programs.  Microsoft issued the patch (I believe) with SP2.  So if you did not fix any individual programs, the Microsoft patch replaced the .dll with a different one that doesn't leave you open to attack.
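The two cases distinguished in replies #31 and #33 can be told apart by looking at a file's bytes instead of its name. The following Python sketch is an added example, not part of the original posts; the function name and the sample byte strings are constructed for illustration. It flags a program renamed to .jpg by its header and walks the JPEG segment structure to catch one class of malformed file.

```python
import struct

# Markers with no length field: TEM, SOI, RST0-RST7 (EOI is handled separately).
STANDALONE = {0x01, 0xD8} | set(range(0xD0, 0xD8))

# Constructed samples: a minimal picture, a bad segment length, a renamed program.
SAMPLE_PICTURE = b"\xff\xd8\xff\xfe\x00\x04hi\xff\xd9"
SAMPLE_BAD_LENGTH = b"\xff\xd8\xff\xfe\x00\x00\xff\xd9"
SAMPLE_RENAMED_EXE = b"MZ\x90\x00\x03\x00"

def inspect_claimed_jpeg(data: bytes) -> str:
    """Classify the content of a file whose name ends in .jpg."""
    if data[:2] == b"MZ":
        return "executable"        # DOS/PE header: a program renamed to look like a picture
    if data[:2] != b"\xff\xd8":
        return "not-jpeg"          # no JPEG start-of-image marker
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            return "malformed"     # every segment must start with 0xFF
        while pos < len(data) and data[pos] == 0xFF:
            pos += 1               # skip the 0xFF prefix and any fill bytes
        if pos >= len(data):
            break
        marker = data[pos]
        pos += 1
        if marker == 0xD9:
            return "well-formed"   # end-of-image reached cleanly
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            break
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        # The length field counts its own two bytes, so anything below 2 is invalid.
        if length < 2 or pos + length > len(data):
            return "malformed"
        pos += length
        if marker == 0xDA:         # start-of-scan: compressed image data follows
            while pos + 1 < len(data) and not (
                data[pos] == 0xFF
                and data[pos + 1] not in (0x00, *range(0xD0, 0xD8))
            ):
                pos += 1
    return "malformed"             # ran out of data before end-of-image
```

A "well-formed" result only means the segment layout is consistent; it does not replace patching the viewer, which is the fix the post describes.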

Offline Elyeh

  • Nickel Member
  • ***
  • Posts: 362
xp service pack 2
« Reply #34 on: June 01, 2005, 04:32:05 PM »
Ok, so the .dll is in the picture viewing software.
You download this .jpg and when you view the jpeg, the viewing software is activated and this is where the virus is launched.

Is this correct?

So the jpg is the hook to launch the viewing software, right?
Which in turn launches the virus from the .dll in the viewing software.... Sneaky

Offline artik

  • Silver Member
  • ****
  • Posts: 1908
      • Blog
xp service pack 2
« Reply #35 on: June 02, 2005, 06:34:36 AM »
Quote
Originally posted by Crispy
I don't quite get where people think stuff just flies into their computer and corrupts it??  I don't & won't use a firewall, simply it is not needed. ALL spyware, worms etc... comes from stuff YOU DO! Opening emails, going to shady web sites, installing tool bars & silly bells & whistles off web sites. And firewalls do nothing to stop this kind of thing. I have a 4 meg cable connect that is always on 24 hours a day and have NEVER had a single thing jump into my computer & screw it up.  I have however done some stupid things with email attachments & web sites... if you tell it to or let it install crap you are not sure what it is you will have problems...regardless of firewalls & virus programs.


I used to think this way too...
But there are what are called services that are run on your computer by Windows and allow certain usage of resources. These services can be used for certain purposes:
For example, run the command "telnet localhost 135" from the command prompt in Win XP and you'll connect to some resource. This port can be connected to when you are on the internet if you don't use a firewall that closes it to external connections. Using it, some kinds of programs can install stuff or do some operations. This is one example of the security holes of Windows...

I remember when I wanted to run AH in h2h mode as server I was encouraged to turn the firewall off... and my computer was rebooting all the time for unknown reasons (worm) until I turned it back on... You should know there are lots of services that can be accessed from the internet... And if they are not safe they may do damage.

Yes, the firewall should be turned ON for security reasons...

Even on my Linux system that is much more secure I run a firewall because I want to prevent some kinds of attacks.

Quote
after spending the last week clearing my computer of spyware and virus stuff I have been advised to install xp service pack 2; is it safe or will it screw up my ah2 gameplay?


If you got sick of viruses and spyware - move to Linux...

It is now very user friendly and ready for daily desktop usage... And leave a small amount of drive space for Windows for AH :D

Just try and you'll see that you will not be back!!!
Artik, 101 "Red" Squadron, Israel
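
A successful "telnet localhost 135" only shows that a service is listening; whether it can be reached from outside depends on the address it is bound to and on the firewall. The Python sketch below is an added example, not part of the original post: it reads text in the layout of Windows `netstat -an` output and lists the TCP listeners bound to something other than loopback. The sample output and the function name are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -an` output.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
"""

def exposed_listeners(netstat_text: str) -> list:
    """Return (address, port) for TCP listeners not bound to loopback only."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Expect: protocol, local address, foreign address, state (a PID may follow).
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")
        address = ipaddress.ip_address(host.strip("[]"))
        # 127.0.0.1 and ::1 accept local connections only; 0.0.0.0, :: and
        # interface addresses accept connections from the network as well.
        if not address.is_loopback:
            found.append((str(address), int(port)))
    return found

if __name__ == "__main__":
    for address, port in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{address}:{port} is reachable from the network unless a firewall blocks it")
```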