Virus not detected

[PapyNet]

Hello!
I Speak english very very badly.

http://sylvana.net/test/AP4.jpg

IE scratch!


This Dos is not detect by Avast!

Why ?

Bien cordialement
Georges

[whocares]

Hi,

please don't post direct/clickable links to malware here;
at least edit your posting (e.g. replace "http" with "h**p")

KAV says:
AP4.jpg infected by "Exploit.IE.Crashsos"

-> As always, please email the file to virus (at) avast.com
best in a password-protected zip- or RAR-archive
(include problem description and archive-password in the mail-text)


 

[igor]

Actually, I'm not sure if this should be called a virus.
This JPEG does not use the recently discovered exploit (MS04-028) - it is a completely different bug. This one, however, is probably impossible to misuse to execute a malicious code - it can "only" crash the browser.

Of course, it's bad when computer programs contain bugs, but I would automatically call the problematic files (where the bug actually shows up) as viruses

[PapyNet]

Hello!

In French, excuse me !


Ce n'est pas un virus mais un DOS

Seuls KAV et NOD32 détectent le malware à l'heure actuelle.

D'après ce que j'ai entendu dire, MS n'envisage pas de patcher avant le prochain OS !

Comme ça n'écrit pas de code et provoque just un DoS, ils considèrent que ce n'est pas une faille !

How do you do ?

Bien cordialement
Georgez

[Eddy]

This is not a virus but a DOS (haven't got a clue what he means with that)
Only KAV and Nod32 are detecting this currently (not true, others detect it as well)
What I am trying to say is that MS will not release a seperate fix for this, but will fix it in a next OS. (I doubt this very much)
MS says it is not a fault in their code.

This translation has been made with a very rusty French knowledge so there are likely a few mistakes and it certainly isn't the best translation possible.

[MikeBCda]

This is not a virus but a DOS (haven't got a clue what he means with that)
This translation has been made with a very rusty French knowledge so there are likely a few mistakes and it certainly isn't the best translation possible.

Hi Eddy (and of course anyone else in this thread I missed),

My personal guess is that PapyNet means it triggers a denial-of-service attack.  Too bad the standard acronym for that is so similar to the one for the OS, it's totally confused meanings.

Best,
Mike

[Eddy]

Too bad the standard acronym for that is so similar to the one for the OS, it's totally confused meanings.

Actually it is not the same acronym. Many people call it just denial of service but in fact it is Distributed Denial Of Service (DDoS)

Definition of DDoS:
On the Internet, a distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.

A hacker (or, if you prefer, cracker) begins a DDoS attack by exploiting a vulnerability in one computer system and making it the DDoS "master." It is from the master system that the intruder identifies and communicates with other systems that can be compromised. The intruder loads cracking tools available on the Internet on multiple -- sometimes thousands of -- compromised systems. With a single command, the intruder instructs the controlled machines to launch one of many flood attacks against a specified target. The inundation of packets to the target causes a denial of service.

While the press tends to focus on the target of DDoS attacks as the victim, in reality there are many victims in a DDoS attack -- the final target and as well the systems controlled by the intruder.

[lee16]

Eddy

Don't firewalls stop incoming/outgoing DDos attacks?, is the damage done permanant?

--lee

[Lisandro]

Don't firewalls stop incoming/outgoing DDos attacks?, is the damage done permanant?

Generally, the professional version of them do it.
Outpost Pro could not only block DDoS attacks but even block the 'hacker' IP  

[PapyNet]

Hello!

It'is not a problem to Firewall but Antivirus.
Scratch Internet Explorer.

In French :
Signalé sur le forum private MS MVP  par un expert en Sécurité :

Le DoS dans une image JPEG (AP4) dispo ici : http://sylvana.net/test/AP4.jpg (crash IE en créant un buffer overflow en inscrivant des données dans une zone de mémoire non allouée) est dû au fait qe comme beaucoup MS fonctionne sur le mode "Suivez mes conseils mais pas mes exemples" : IE utilise une bibliothèque pourtant patchée depuis 1998...

Seuls KAV et NOD32 détectent le malware à l'heure actuelle.

Ma question est : que va faire Avast! pour traiter ce problème  ?

Bien cordialement
Georges

[Eddy]

It'is not a problem to Firewall but Antivirus.

No it is not. It is a problem of the OS not the firewall, nor the AV.

[igor]

Once more: the file is not a virus!
The image was created long time ago by somebody who experimented with various possibilities of JPEG format encoding. The fact that Microsoft HTML Viewer library isn't able to display it - and crashes instead - doesn't make it malicious (btw, Netscape 4.x crashes on it badly, too). As far as I know, there is no buffer overflow inside, i.e. no possibility of executing a malicious code.

If some viruses start to send this (or similar) file to people with the intention of crashing their browser/e-mail client, we will consider adding the detection - but still, the file itself isn't a virus, there will have to be another piece of real virus that would send it.

[PapyNet]

Hello!

STOP

Nous ne nous comprenons pas!

STOP STOP STOP

Bien cordialement
Georges

[Eddy]

PapyNet, please use the online translator I mentioned in the IM. If that isn't enough to understand, see if you find someone there who can translated English to French for you. I'm sure that will clear up many things for you.

[inthewildteam]

Off topic (sorry)

she is quite cute!

Old pic though and nothing new in hiding info in a picture file.