The SANS is warning to a JPEG image with MS04-028 overflow that downloads and executes a jpeg.exe file. The program modifies the registry and installs in autorun. It notifies the compromise to an IRC server and waits for commands. http://isc.sans.org/diary.php?date=2004-10-05 albatross