Weekly Report on Viruses and Intruders – JPGTrojan.C and Keylogger-Pro
JPGTrojan.C is a program that allows the creation of JPG images that exploit the Buffer Overrun in JPEG processing vulnerability (described in Microsoft bulletin MS04-028).
The malicious JPG images generated by JPGTrojan.C are distributed through different means. When one of these images is opened using a vulnerable application, the code it contains is run. The effects of opening an image created by JPGTrojan.C include the following:
– Add a new user and assign this user administrator rights.
– Specify that a port must be opened, allowing remote access to the affected computer.
– Specify a remote IP address and port and establish a connection.
– Download an executable file from the Internet and run it on the affected computer.
However, some of these actions can only be carried out if an English version of the operating system is used or if a specific version of the Dynamic Link Library GDIPLUS.DLL is installed.
Keylogger-Pro is a hacking tool that captures keystrokes, which lets it record passwords, chat conversations, data entered in specific windows, etc. It sends the information it obtains to an email address.
Keylogger-Pro can be installed on a computer without the user realizing it. This program does not pose a danger in itself, but it can be used for malicious purposes.