By hiding trojans within the pornographic images so enthusiastically pinged around the internet, hackers have finally made cybersecurity sexy, says Simon Moores
“The single most powerful force behind the growth of the internet is not e-commerce but pornography” read a statement I once made in the early days of the web, when I was chief technology officer of one of the UK ISPs subsequently sold to Easynet.
I’m not a great fan of conspiracy theories but when the news arrived that hackers have started to exploit Jpeg images I rather wondered if this might be the catalyst that really encouraged a reluctant world to take internet security a little more seriously. The hackers take advantage of a flaw in a common Windows component called the GDI+ Jpeg decoder, a feature used by Windows, Internet Explorer, Outlook and many other Windows applications.
This most recent critical Windows exploit, “the Jpeg of Death”, surrenders control of the host PC to Radmin, a legitimate program that in this case is being used as a remote access trojan. The Rat is triggered when an unwitting user downloads an infected image on an unpatched Windows XP machine, which may be enough to make any red-blooded male think twice before revisiting his favourite adult education website in future.
As Computer Weekly reported last week, examples of the Jpeg of Death have already been discovered on popular newsgroups such as alt.binaries.erotica.breasts. But given the growing connection between virus and worm authors, spammers and organised crime groups creating large, remote bot nets, dropping Rat code into explicit photographs is one sure way of accelerating the pick-up of new zombie PCs.
Of all the most recent attacks on Windows, this one in particular should encourage employers and home users to wake up to the dangers, which in this case gives new meaning to the concept of unprotected sex.
A reality of 21st century virtual living sees so-called dirty pictures swapped around the internet in huge numbers, as the Department for Work & Pensions has proved.
Now, employers not only have to worry about the vicarious liability presented by their workforce taking offence at such images but the risk of swathes of PCs being invisibly recruited into the clone army as a consequence of not being properly patched. It all goes to prove conclusively that there is no such thing as safe sex on the internet.
All right, I admit there’s no evidence that the Jpeg of Death is a huge problem but it is a wake-up call. I’ll give you an example.
Last week I was searching through the results of Google searches on “copyright + legislation” for a research project I’m involved with. Most of the websites I browsed through were hard work, particularly EU directive 2001/29 on copyright.
One, however, was a little more interesting than the others and caused an instant rise in blood pressure.
Called www.miragette.com/formal/copyright.htm it has very little to do with copyright. Once it had captured my attention, any further curiosity on my part might have led to a nasty case of the Jpeg of Death if any of the images were compromised, which they don’t appear to be.
So there you have it: the risk from unprotected access to sex and the internet is increasingly unacceptable. Best visit next month’s Erotica show at London’s Olympia (alt.erotica.london) instead, it’s probably safer!
Acting globally, Zentelligence (Research) advises governments, suppliers, business and the media on the evolution, application and delivery of leading-edge technologies, and specialises in the areas of e-government and information security.
For further information on Zentelligence and its research, presentation and analyst services, visit www.zentelligence.com
Setting the world to rights with the collected thoughts and opinions of leading industry analyst Dr Simon Moores of Zentelligence