"New JPEG Virus Propagating Via Instant Messaging and Peer-to-Peer Networks," said one press release. Another brought dire news of the "JPEG of Death.C" virus. Even images are no longer safe. We're all doomed!
Or not. So a buffer overrun in Microsoft's JPEG handling library means malware can be downloaded by a malformed image. Potentially nasty, and early exploits (especially targeted ones, rather than mass-mailers) have the potential to do real damage. But up-to-date AV signatures and patched systems will suffice to protect you.
But this was a dream come true for anti-virus public relations. The media had been getting bored of endless repetitions of Bagle and was only momentarily stirred by news of Sven Jaschen (author of Bagle and NetSky) being hired by SecurePoint. PR operations in AV firms worldwide swung eagerly into action with boundless enthusiasm, but not a whole lot of attention to detail, resulting in the sort of desperate overhype we had not seen since the cyberterrorists were poised to take over the world last year.
The alleged IM/P2P JPEG virus was just a hacker sending Trojaned images to potential IM victims. And the "JPEG of Death" virus was just a malware toolkit used to create Trojan images posted to adult newsgroups.
To hedge my bets, I admit that we probably will see a virus using the JPEG exploit. It is just too tempting, and there will be unpatched boxes and naive users. But there is no need to panic.
Other malware in the news comes from our neighbours across the Irish Sea in the form of Trojan autodiallers. These are causing misery for Irish consumers who dislike paying hundreds of euros to scammers who have managed to register premium-rate services in the South Pacific despite the doubtless sincere efforts of telecoms operators to regulate number allocation and prosecute complaints.
Why software should be allowed to silently change dialup settings under Windows without so much as a confirmation dialogue is beyond me, but avoiding what sounds like it should be a minor technical remedy, the Irish telecoms regulator ComReg opted for Plan B: cutting off telephone access to 13 nations which were fingered as havens for these scams.
Does that seem a bit disproportionate to anyone? What will ComReg do when the scammers open up shop in Korea or Iran or Kazakhstan? They can't whitelist the whole world, can they?
And do you really want a regulatory body dictating which phone numbers you can call? What is next – a list of "known-good" websites or email addresses? ComReg might have had the consumers' best interests at heart, but the internet conspiracy theorists are surely going to love this one.
Send your view to firstname.lastname@example.org.
Jon Tullett is UK and online editor for SC Magazine