Just when you thought it was safe to explore from the Internet, hackers have found a new bug with which to take over your Windows-based PC merely by downloading JPEG images. The Graphic Device Interface (GDI) function imbedded in Windows programs -- including Internet Explorer (IE) -- renders JPEGs in such a way that hackers can hide an “exploit code” in digital images that can activate a worm or virus within two to three weeks.

Windows PCs using operating systems older than Windows 2000 or those that have been updated to Windows XP Security Pack 2 are immune to the briefly inert virus, as are those who use a non-Microsoft browser like Firefox.

How does the GDI virus work? The exploit code, now available to the public, can taint a JPEG image, allowing the virus to take over a computer.

The overwhelming number of Microsoft-based programs affected includes:

• FrontPage 2002
• Internet Explorer 6.0
• Various versions of Microsoft Office
• Outlook 2002 and 2003
• PowerPoint 2002 and 2003
• Project 2002 and 2003
• Publisher 2002

What makes this virus so confounding is that, even if you take the right steps – downloading Windows XP Security Pack 2 before installing another application – your newer gdiplus files could be replaced with an older, more vulnerable version that can be more easily affected. This has become such a big problem Microsoft now offers a free tool to check the condition of your computer.

Amid all the virus news, Microsoft also announced any future security updates to IE would be available only on the XP platform, forcing users with older versions of the operating system to upgrade.

CNET September 24, 2004

USA Today September 29, 2004

Dr. Mercola's Comments:

I’ve warned you a bunch of times about all the security problems Microsoft was having with IE. So many of you are now using Firefox, one of the principals who wrote the code for my Internet browser of choice sent a letter thanking me for all the subscribers from our site who downloaded it. Since America Online purchased Netscape -- and Microsoft lacked any major competitor -- innovation lagged way behind in the Web browser world, unfortunately allowing hackers play catchup to find security holes. Now, if you download a JPEG, based on the age of your software, your computer could be vulnerable to a virus. One important tip: Firefox doesn’t completely solve the problem on the Microsoft platform because IE is so deeply embedded within Windows. For example, if you use Microsoft Office or an older version of Outlook (2002 or earlier), the browser will automatically launch when you receive an HTML e-mail message with a JPEG attachment. A safer plan, if you use Outlook, would be to prevent the program from automatically opening image files as you review e-mails and attachments. Speaking of competitors, a rumor has been circulating in Net circles: Because Google has invested significant time and funding in the open source Mozilla browser arena, a Google-branded browser powered by Firefox may be on the way. If you want to beat the crowd, I urge you to give Firefox a test drive and keep the hackers at bay. Related Articles: Congratulations! You Picked the Safe Internet Browser Switch Your Microsoft Browser (Internet Explorer) Before it's Too Late Your Computer is Infected and You Don’t Even Know It How to Get Rid of Pop Up Ads and Surf the Web in Peace