I have received a malware sample that takes advantage of this
flaw. It arrives as a zip file named "My_Photo.zip" containing two
files, "My Photo.jpg" and "Show Photo.bat" (without the quotes).
My Photo.jpg is a malicious Win32 PE file, and Show Photo.bat is a
simple batch file whose entire content is the one-liner shown below
(the quotes are part of the line; they are needed because the file
name contains a space):

    "My Photo.jpg"
Now, here is the trick: when the batch file is run on a Windows
system with cmd.exe as the command processor, cmd.exe launches My
Photo.jpg as an executable. cmd.exe does not decide whether a file is
a program from its extension; the name is handed to CreateProcess,
which inspects the file's header, finds a valid PE image, and runs
it. Double-clicking the same file in Explorer would only open it in
the associated image viewer, which is why the batch file is shipped
alongside it as the launcher. The extension is irrelevant to the
trick: .jpg, .bmp, .gif or any other extension works just as well.
If attackers combine this flaw with social engineering, such as a
phishing e-mail, even average users can be fooled, since they may
reason that "it's just a jpeg file anyway!".
This is not new, but it remains a serious threat that must not be
neglected: an attachment filter that blocks .exe by extension alone
does nothing against it, since the executable is identified only by
its contents.
The malicious file has been given the detection name
WORM_RONTOKBR.AC and is still under detailed analysis.
Reference:
http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0691.html