Discussion in 'malware problems & news' started by Randy_Bell, Oct 1, 2004.

Thread Status:
Not open for further replies.
Randy_Bell (Registered Member since May 24, 2002; Santa Clara, CA) wrote:
    HKTL_JPGDOWN.A is a non-destructive hack tool that creates a JPEG file (detected by Trend Micro as EXPL_JPGDOWN.A), which exploits a vulnerability in Windows XP. This buffer overrun vulnerability in the processing of JPEG image formats may allow a remote user to execute code on an affected system. If a user is logged in with administrator privileges, this vulnerability allows an attacker to take complete control of an affected system and perform actions such as installing programs; viewing, changing or deleting data; and creating new accounts with full privileges. This malware is currently spreading in-the-wild, infecting computer systems that are running Windows 95, 98, ME, NT, 2000, and XP.

    Upon execution, this hack tool displays a dialogue box with the buttons “Make” and “About”. The Trojan dropped by this hack tool attempts to download and execute files from any URL that a malicious user inputs in the dialogue box.

    This hack tool also drops the file MYPICTURE.JPG in the current folder. After execution of this hack tool, the following message is displayed:

    "The Jpeg Server, has been created with your settings in the current directory."

    The following strings can be found in the malware body:

    JPEG Downloader V1.0
    With this downloader you can create downloader server with *.jpg
    Based on Buffer Overrun in JPEG Processing (GDI+) Could Allow
    Code Execution (833987)
    Using Generic win32 http download shellcode
    Bug analized by eEye Digital Security (
    Compilied 23/09/04
    2004 ProGroup Software, Inc.
    Coded By ATmaCA

    If you would like to scan your computer for HKTL_JPGDOWN.A or thousands of other worms, viruses, Trojans and malicious code, visit HouseCall, Trend Micro's free, online virus scanner at:

    HKTL_JPGDOWN.A is detected and cleaned by Trend Micro pattern file 2.178.00 and above.
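The post names the underlying bug, "Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)" (MS04-028), but not what a malformed file looks like. A fact from the MS04-028 advisory that is not stated above: the overrun is triggered by a JPEG marker segment (classically a COM, 0xFFFE, segment) whose 16-bit length field is 0 or 1, because GDI+ subtracted the two length bytes and the result wrapped to a huge value. The following is an added example, not code from the hack tool, from Trend Micro, or from the original post: a small JPEG segment walker that flags any length-carrying segment whose declared length is below 2. The two input files are constructed inline (a minimal JFIF header plus a comment, and the same header with a COM segment declaring length 1); the function and constant names are this example's own.

```python
import struct

SOI = b"\xff\xd8"  # Start Of Image
EOI = b"\xff\xd9"  # End Of Image

# Markers that stand alone and carry no length field:
# SOI, EOI, TEM and RST0..RST7.
STANDALONE = {0xD8, 0xD9, 0x01} | set(range(0xD0, 0xD8))

BAD_LENGTH = "segment length below 2 (MS04-028 pattern)"
TRUNCATED = "segment header runs past end of file"
NO_SOI = "not a JPEG: missing SOI"
NOT_MARKER = "expected marker byte 0xFF"


def seg(marker, payload):
    """Build one marker segment: FF <marker> <len incl. 2 len bytes> <payload>."""
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample input 1: a well-formed header (APP0/JFIF + COM + EOI).
APP0_JFIF = seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
GOOD_JPEG = SOI + APP0_JFIF + seg(0xFE, b"comment") + EOI

# Constructed sample input 2: same header, but the COM segment declares
# length 1 (a value below the 2 bytes the length field itself occupies),
# followed by filler where a real file would carry the payload.
BAD_JPEG = SOI + APP0_JFIF + b"\xff\xfe\x00\x01" + b"A" * 16 + EOI


def scan_jpeg(data):
    """Walk the header segments of a JPEG and return a list of findings.

    Each finding is (offset, marker, declared_length, reason). An empty
    list means no structural problem was seen before SOS/EOI. The walk
    stops at the first bad length, since later offsets cannot be trusted.
    """
    findings = []
    if data[:2] != SOI:
        return [(0, None, None, NO_SOI)]
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            findings.append((pos, data[pos], None, NOT_MARKER))
            break
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte, skip it
            pos += 1
            continue
        if marker in STANDALONE:
            if marker == 0xD9:      # EOI: done
                break
            pos += 2
            continue
        if pos + 4 > len(data):
            findings.append((pos, marker, None, TRUNCATED))
            break
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if length < 2:
            findings.append((pos, marker, length, BAD_LENGTH))
            break
        pos += 2 + length
        if marker == 0xDA:          # SOS: entropy-coded data follows; header walk ends here
            break
    return findings


def is_suspicious(data):
    """True if the file shows the malformed-length pattern."""
    return any(f[3] == BAD_LENGTH for f in scan_jpeg(data))


if __name__ == "__main__":
    for name, blob in (("good", GOOD_JPEG), ("bad", BAD_JPEG)):
        print(name, scan_jpeg(blob))
```

The walk deliberately stops at SOS, because the entropy-coded image data that follows is not segment-structured; the malformed COM this bug needs sits among the header segments, which is what the scanner covers. On a real file, read the bytes and pass them to `scan_jpeg`; a single hit on `BAD_LENGTH` is enough to quarantine the file for a closer look.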