NEW YORK – In a harbinger of security threats to come, hackers have exploited a newly announced flaw in Microsoft Corp. programs and begun circulating malicious code hidden in images that use the popular JPEG format.
Software tools to create the malicious images began appearing last month, and this week security experts saw images employing them posted on adult-oriented Usenet newsgroups.
To get the malicious code, a visitor must download the image and view it using Microsoft’s Windows Explorer software, said Oliver Friedrichs, senior manager with Symantec Security Response.
The computer then contacts a server to obtain code that would let an attacker take over the machine remotely.
Friedrichs said the current exploit is fairly limited but that he expects future attempts to create malicious images that would work on the more popular Outlook and Internet Explorer programs, also made by Microsoft.