The JPEG of Death

Computer hackers have taken some pornographic JPEGs and augmented them with an exploit that uses the JPEG vulnerability that Microsoft recently announced, as reported by Computerworld. The exploit isn’t a virus, but instead turns the compromised computer into a bulk-mail spam machine, proof once again that the hackers and the spammers have teamed up.

What’s really neat about this exploit is that many people had long expected that the JPEG decompress routines, because of their complexity, almost certainly had to have some kind of buffer overflow in them. But it took literally years for someone to find it…

I went to Windows Update yesterday with a Windows 98 machine — a machine that Microsoft officially doesn’t support anymore. Nevertheless, Microsoft was more than happy to download the JPEG fix to me. Clearly, they are taking this one very seriously.

Once again, this is proof that every Windows machine being used to browse the Internet shoud have automatic updates on by default.