More Than the Operating System:
The vulnerability behind this JPEG exploit is not solely a problem with the operating system. The exploit actually uses a Dynamic Link Library (DLL) known as GDI+. With the latest updates from Microsoft, applications are directed to use the new, safer DLL. However, not all applications can be fixed this way, because some are coded to use a specific, and potentially vulnerable, DLL. It is also possible that third-party applications contain a renamed JPEG handler that is vulnerable, which the updates would not recognize.
In a recent News.com article on the JPEG exploit, CNET explains that anti-virus software could be ill-prepared to protect corporate networks from the JPEG exploit. According to Mikko Hypponen, director of anti-virus research for F-Secure, anti-virus software will strain to find JPEG malware, because by default, it only searches for executable files.
"Normal anti-virus software, by default, will not detect JPEGs," Hypponen said. "You can set your anti-virus scanner to look for JPEG, but the trouble is that you can change the file extension on a JPEG to so many things."
There are about 11 file name extensions to which JPEGs can be changed, including .icon or .jpg2. This would make finding malicious JPEGs even more difficult. Searching could take up a significant amount of valuable processor power.
Furthermore, Internet Explorer processes JPEGs before it caches them. That means the computer has the potential to become infected before anti-virus software ever has a chance to work.
"This means that it is not enough to scan at the desktop," Hypponen said. "You have to scan at the gateway."
The Internet Security Manager does just that. The ISM searches for malicious JPEG images in email and on web pages before the site is served to the end user, stopping viruses at the gateway.
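Hypponen's point about renamed extensions means a gateway check has to classify files by content rather than by name. The sketch below is an added example, not code from the article or from the ISM product: it recognizes a JPEG by its start-of-image bytes and walks the marker segments, rejecting any whose declared length is impossible under the JPEG format (the length field counts its own two bytes, so it can never be below 2) or runs past the end of the data. The function names and sample buffers are constructed for illustration, and the length rule is a generic format check, not a signature described by the article.

```python
SOI = b"\xff\xd8"                        # every JPEG stream starts with these bytes
NO_LENGTH = {0x01, *range(0xD0, 0xD8)}   # TEM and RST0-RST7 carry no length field

def walk_segments(data: bytes):
    """Walk marker segments after SOI; return (segments, problem or None)."""
    segments, pos = [], 2
    while pos < len(data):
        if data[pos] != 0xFF:
            return segments, f"no marker at offset {pos}"
        while pos < len(data) and data[pos] == 0xFF:   # skip fill bytes
            pos += 1
        if pos >= len(data):
            return segments, "truncated inside a marker"
        marker, pos = data[pos], pos + 1
        if marker == 0xD9:                             # EOI: clean end of image
            return segments, None
        if marker in NO_LENGTH:
            continue
        if pos + 2 > len(data):
            return segments, "truncated length field"
        length = int.from_bytes(data[pos:pos + 2], "big")
        segments.append((marker, length))
        if length < 2:                                 # field must count itself
            return segments, f"segment 0x{marker:02x} declares length {length}"
        if pos + length > len(data):
            return segments, f"segment 0x{marker:02x} overruns the data"
        if marker == 0xDA:                             # SOS: compressed data follows
            return segments, None
        pos += length
    return segments, "missing end-of-image marker"

def gateway_verdict(data: bytes) -> str:
    """Decide on content alone; the file name is never consulted."""
    if not data.startswith(SOI):
        return "not-jpeg"
    _, problem = walk_segments(data)
    return f"block: {problem}" if problem else "pass"

# Constructed samples: a well-formed JFIF header under a non-JPEG extension,
# a text file, and a JPEG whose first segment declares an impossible length.
GOOD = (SOI + b"\xff\xe0\x00\x10" + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
        + b"\xff\xd9")
SAMPLES = {
    "logo.icon": GOOD,
    "report.txt": b"plain text, not an image",
    "photo.jpg": SOI + b"\xff\xe0\x00\x00" + b"JFIF\x00" + b"\xff\xd9",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {gateway_verdict(blob)}")
```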
Am I Vulnerable?
If you are running Microsoft Windows and have Internet Explorer or Microsoft Office installed on your PC, it is very likely that you are vulnerable to this attack. Even if you have XP Service Pack 2, third-party software may leave you open to attack. To find out exactly how vulnerable you are, SANS Institute has released a GDI Scan tool that will check your computer for vulnerable DLL files. This free download is available from the SANS Institute's web site.
Will Norton or McAfee Stop This?
While Symantec and McAfee remain unclear on their ability to stop this type of attack, UIA remains confident that our email scanner will prevent the JPEG from ever reaching your email client.
Can My Firewall Prevent This?
Firewalls currently are unable to prevent the JPEG from being displayed and causing damage to your computer. At best, the firewall can prevent your computer from causing further damage to the connected network.
One of the first steps to protecting yourself is to make sure you update your software. SecuriTeam.com offers a list of available updates for affected Microsoft applications, as well as information on patching vulnerable DLLs.
To help you determine how vulnerable you really are, SANS Institute offers a free GDI Scanner on their web site that scans your hard drive for potentially vulnerable DLL files. This is currently the only tool available that scans the entire drive for vulnerable DLL files. Microsoft offers a similar DLL scanner, but it only searches through the Windows directory.
Although SANS Institute's DLL scanner quickly finds vulnerabilities, it does not provide information on how to patch these files, or on which files are currently in use by the system.