• silicon.com
• Technology
• Security

By Dan Ilett, 20 October 2004 09:15

NEWS IM profile photos could allow hackers to penetrate otherwise secure computer networks, say experts

Security experts are warning users that hackers can use JPEG profile photos on instant messenger to attack networks.

According to security company WhiteHat UK, hackers can use an exploit in JPEGs which enables them to embed malicious code into profile photos on instant messenger. When a recipient sees the photo on their instant messenger (IM) client, it can cause an exploit code, such as a Trojan or worm, to automatically execute.

Jason Hart, security director for WhiteHat UK, said: "Potentially, the photos that are sent with instant messenger could be used with the Microsoft JPEG exploits already out there. Essentially you can say it's the same as any JPEG using the IM protocol as a portal to come through."

IM travels on port 80, which is often regarded as a trusted channel because internet traffic also uses it. Hart said any company using IM that allows JPEGs was open to attack: "The majority of times, desktop computers are the last to be secured by big corporations. So a company with instant messenger enabled could be penetrated. A computer could be exploited, and that would bypass all controls within a corporation."

Mikko Hypponen of F-Secure said the JPEG exploit can work on a variety of image related files, such as .gif or .icon. He added that it would be hard to detect viruses in JPEGs because antivirus software mainly searches for .exe files.

Hart advised companies should secure their IM environment: "The message is to disable instant messenger unless you have the added security controls."

Last week, Hart warned that hackers could also use an nmap bot over IM to carry out denial-of-service attacks on companies.

In September, two reports of a worm that downloaded from websites linked to AOL's Instant Messenger were reported to US security body SANS.

Dan Ilett writes for ZDNet UK