HKTL_JPGDOWN.A is a non-destructive hack tool that creates a JPEG file (detected by Trend Micro as EXPL_JPGDOWN.A) that exploits a vulnerability in Windows XP. This buffer overrun vulnerability in the processing of JPEG image formats may allow a remote user to execute code on an affected system. If a user is logged in with administrator privileges, the vulnerability allows an attacker to take complete control of the affected system and perform actions such as installing programs; viewing, changing, or deleting data; and creating new accounts with full privileges.

This malware is currently spreading in the wild, infecting computer systems that are running Windows 95, 98, ME, NT, 2000, and XP.

Upon execution, this hack tool displays a dialogue box with the buttons “Make” and “About”. The Trojan dropped by this hack tool attempts to download and execute files from any URL that a malicious user inputs in the dialogue box. The hack tool also drops the file MYPICTURE.JPG in the current folder.

After the hack tool has run, the following message is displayed:

"The Jpeg Server, has been created with your settings in the current directory."

The following strings can be found in the malware body:

JPEG Downloader V1.0
With this downloader you can create downloader server with *.jpg extension.
Based on Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
Using Generic win32 http download shellcode
Bug analized by eEye Digital Security (http://www.eeye.com)
Compilied 23/09/04
Copyright 2004 ProGroup Software, Inc.
Coded By ATmaCA
E-Mail:firstname.lastname@example.org
Web:http://www.prohack.net

If you would like to scan your computer for HKTL_JPGDOWN.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at: http://housecall.trendmicro.com/

HKTL_JPGDOWN.A is detected and cleaned by Trend Micro pattern file 2.178.00 and above.
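For triage, the strings listed above from the malware body can be searched for in a suspect file. The following is an added example, not Trend Micro's detection logic; the function names, the two-hit threshold, and the UTF-16LE check (Windows binaries often store text that way) are assumptions of this sketch.

```python
# Added example: search a file's bytes for the strings this page reports
# in the body of HKTL_JPGDOWN.A. Indicators are copied from the page,
# including the original misspelling ("analized").
INDICATORS = [
    "JPEG Downloader V1.0",
    "Buffer Overrun in JPEG Processing (GDI+)",
    "Using Generic win32 http download shellcode",
    "Bug analized by eEye Digital Security",
    "Coded By ATmaCA",
    "The Jpeg Server, has been created with your settings",
]

def find_indicators(data: bytes) -> dict:
    """Return {indicator: (encoding, offset)} for the first hit of each string."""
    hits = {}
    for text in INDICATORS:
        # Try single-byte text first, then the UTF-16LE form.
        for enc in ("ascii", "utf-16-le"):
            offset = data.find(text.encode(enc))
            if offset != -1:
                hits[text] = (enc, offset)
                break
    return hits

def classify(data: bytes, threshold: int = 2) -> str:
    """'suspect' at >= threshold distinct hits, 'weak-match' below, else 'clean'."""
    count = len(find_indicators(data))
    if count >= threshold:
        return "suspect"
    return "weak-match" if count else "clean"

def scan_path(path: str) -> tuple:
    """Read a file and return (verdict, hits) for reporting."""
    with open(path, "rb") as handle:
        data = handle.read()
    return classify(data), find_indicators(data)

# Constructed sample bytes (not a real binary): one UTF-16LE hit, one ASCII hit.
CONSTRUCTED_SAMPLE = (
    b"MZ" + b"\x00" * 16
    + "JPEG Downloader V1.0".encode("utf-16-le") + b"\x00\x00"
    + b"Coded By ATmaCA"
)

if __name__ == "__main__":
    print(classify(CONSTRUCTED_SAMPLE))
    for text, (enc, offset) in find_indicators(CONSTRUCTED_SAMPLE).items():
        print(f"{offset:#06x} {enc:9} {text}")
```

String hits are a triage signal only: any document that quotes these strings matches as well, so confirm a hit with an up-to-date scanner.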