Thursday, December 11, 2008

Let's Hope Spammers and Criminals Don't Find This

I realize that yesterday's post about jpeggery only included one actual JPEG. So here's a couple more and they are quite disturbing.

You wouldn't think they were scary, looking at the first example, a pair of screenshots of the Eudora email program (yep, I'm really old school when it comes to email). The odd thing is that the upper shot, where the dark blue rectangle is just hovering on the page, is weird. It was just sitting there, even when I wasn't using the program. When you pull down the File menu in Eudora to select Check Mail it normally looks like the segment in the lower shot.  In other words, in the upper shot the screen seems to be retaining a piece of menu after the menu is closed. And Eudora is not the only place this happened, in fact the rectangle appeared over every application.

Consider the second pair of shots. This time the phantom rectangle has picked up the Save menu item from the Paint program, and below that a blog menu item called Details.

What appears to have happened is that after Windows Media Player crashed while playing a video, it left something in a graphics layer/frame/buffer which that program accesses. And that something persisted, across applications. It even stayed in place through a system stand-by and wake-up.

Do you begin to see what I see? There could be a way to inject persistent messaging that users can't remove without a reboot. Why would someone want to do that? Here's what Compter Security 101 teaches us. First there will be some people who do it "Because we can." Then some people will figure a way to exploit this to annoy/disrupt/market/infect/spam systems without system-owner consent. If doing this has perceived value, it will be done. And then the way to do this will have value and it will be sold. And so on.

Hopefully getting this phantom code entity into a system requires a hard-to-duplicate set of conditions (like you have to crash Windows Media just right).

1 comment:

  1. [...] I described a situation in which Windows Movie Maker running on Microsoft Windows XP Pro SP2 leaves persistent video ‘artifacts’ on the computer display after it has closed (or crashed). Today I found a way to fix this problem, for a certain definition [...]

    ReplyDelete