There's now a worm spreading the exploit around on MSN. If you have no clue what I'm talking about, you can read about the exploit. I'm not sure about the worm specifically, but there is some nasty code out there for this. Basically it takes advantage of Windows looking at the content and not the extension to send it as a .jpg, it splits it over the Ethernet MTU (biggest a single packet can be on the network, 1500 bytes, actually a bit less actual data after IP and TCP) so sniffers that don't reassemble streams can't detect it, plus the usual random size/name/method of implementation. This should be a fun one...
Unfortunately Microsoft says the only fix at this point is to unregister a dll, but the problem is really in gdi and not that one, so if many people do that there'll just be modifications made. Windows users may want to take appropriate action.
Copyright ©2000-2008 Jeremy Mooney (jeremy-at-qux-dot-net)
