16.9.04

Software bug raises spectre of 'JPEG of death'

Newscientist.com

Flawed software code used by numerous Microsoft applications to render images mean that a specially constructed image file could hijack a computer or spread a virus.

Ten years ago the idea of an image infecting a computer was the subject of a hoax email. But what was once a myth is now a genuine threat after Microsoft disclosed a flaw in the image processing code used in a range of its software programs on Tuesday.

Some experts blame the new threat on shoddy programming. "In a properly coded world, a graphic should not be able to infect your computer," says Graham Cluley, senior researcher with the UK-based anti-virus firm Sophos. "It should be impossible."

So far, no one is known to have exploited the flaw and Cluley says it is far from certain anyone will develop a computer virus based on it. But code designed to exploit the bug could appear on the internet soon, and this is often the first step towards the creation of a hacking tool or virus based on the flaw.