SitePoint Sponsor

User Tag List

Results 1 to 16 of 16
  1. #1
    SitePoint Evangelist ckchin's Avatar
    Join Date
    Mar 2002
    Location
    msia
    Posts
    487
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    New virus affected on image file

    A new virus can, for the first time, infect image files, according to antivirus software company McAfee Security, a division of Network Associates Inc. This means that the virus could be spread through Web sites containing infected image files, and force antivirus companies to re-engineer their products, McAfee officials said.

    http://www.idg.net/go.cgi?id=698614

  2. #2
    SitePoint Zealot
    Join Date
    Apr 2002
    Location
    Seattle, WA
    Posts
    145
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    New Virus Spreads Via .JPG

    http://www.nerdnations.com/bbs/showt...p?threadid=189 - not good new virus that spreads via .JPG file
    Adult Webmaster since 2003.
    Nothing to see here, move along...

  3. #3
    morphine for a wooden leg randem's Avatar
    Join Date
    Jun 2002
    Location
    .chicago.il.us
    Posts
    957
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    That's just ridiculous.

    A JPEG is little more than a collection of 1's and 0's that represent color. When opened by compatible software, this data represents a picture.

    The worst case scenario would be if someone was able to create a virus which coincidentally (or intentionally) once compiled could also be seen as a somewhat coherent picture. But in order for this code to be executed, it would have to be interpreted and executed by a program designed specifically to do so.

    So if such a virus did indeed exist, it would have to either replace the standard <insert name of OS here> library for rendering of JPEGs, or else associate itself in the system with the .JPG file extension, causing pictures to be opened with the virus or infected program, rather than a normal image viewer.

    While it would be easy to believe that the attrocious developers at MS might leave a hole in IE which could allow something like this to happen, I feel it is much more appropriate to assume that this is a hoax... probably started by some jealous wife or religious zealot in attempt to curb the common appetite for porn. Or maybe it's a nifty piece of marketing designed by a sysadmin to convince his users to stop infecting their machines with every virus they receive by email. =)

    There are much better things to worry about. Don't sweat over JPEGs.

  4. #4
    morphine for a wooden leg randem's Avatar
    Join Date
    Jun 2002
    Location
    .chicago.il.us
    Posts
    957
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I wish people weren't so ignorant at these big companies. The author of that notice barely has an understanding of how computers work, apparently.

    JPEGs are not executable. The only way such a virus could work would be to change your system settings, causing files with the .jpg extension to be opened with CMD.EXE or COMMAND.COM, but at best this would be a 50/50 scenario already, and only effective on Windows at that.

    One way or another, you still never get introduced to such a wild scenario if you don't click on executable attachments in your email (.com, .exe, .bat, .vbs, et al) and don't use insecure applications (IE, Outlook, etc).

    Don't let this one cause too much hype. It's all theoretical anyhow.

  5. #5

  6. #6
    SitePoint Enthusiast
    Join Date
    Jun 2002
    Posts
    69
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    it is different - but (currently) it still needs an exe to get itself geared up.

  7. #7
    gingham dress, army boots... silver trophy redux's Avatar
    Join Date
    Apr 2002
    Location
    Salford / Manchester / UK
    Posts
    4,838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i really seem to be missing the point of this virus...
    Only machines that already have the executable file on them could be infected because of the way the virus is written, he said.
    ok...so at some point it's required that users run an .exe, and then the virus appends itself to the first jpeg you view and any other jpeg in the same directory. ok. i'm with it until this point. now what ? you have a jpeg with some dormant virus code appended at the end. how is this executed ? afaik, any image viewer software will only read and interpret data it understands, and simply ignore the rest. do you also need a specially infected image viewer now that does something like "if it's image data that you understand, display it, if not, try and execute it just on the off-chance it might be something interesting".
    this, in my opinion, is complete and utter FUD spread by McAfee so they can sell some more virus checkers.
    The virus, which is being called W32/Perrun by McAfee, is not yet in the wild -- meaning it is not spreading on the Internet -- and was sent to McAfee by its author early Thursday morning Eastern time
    so they now have the "competitive advantage" ? customers will certainly be flocking out to buy their product, as other software companies haven't got this inside knowledge ? yeah right...
    smells like fish...tastes like chicken...i think it's a dud...
    redux (adj.): brought back; returned. used postpositively
    [latin : re-, re- + dux, leader; see duke.]
    WaSP Accessibility Task Force Member
    splintered.co.uk | photographia.co.uk | redux.deviantart.com

  8. #8
    SitePoint Evangelist MobileBadBoy's Avatar
    Join Date
    Jun 2002
    Location
    Mobile, Alabama
    Posts
    451
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    This makes me think of the old AOL days (2.5, 3.0, 4.0) where we could re-write the first few lines of a GIF image, and insert it in to an email. If the mail was opened, AOL's email software would try to read it resulting in an Illegal Operation and crash AOL, heh.

    Not a virus, but would still screw some people up.
    Shawn Kerr .com

  9. #9
    gingham dress, army boots... silver trophy redux's Avatar
    Join Date
    Apr 2002
    Location
    Salford / Manchester / UK
    Posts
    4,838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ah...after reading the article twice, it makes sense now...
    Because JPEGs are a common image format on the Web, the virus poses a risk of infecting any user who views an infected file on a Web site, Gullotto said. Users would have to have the executable on their systems for this to occur, he said.
    so basically you need to already be infected in order to catch any more viri spread like this...
    so what's the hype ? virus scanners don't need to now examine each bit of data that comes in from the net (scanning each jpeg/mp3/html file)...all they need to do is check your system to see if the executable is on the user's system. solve the problem at its root, for pete's sake...
    redux (adj.): brought back; returned. used postpositively
    [latin : re-, re- + dux, leader; see duke.]
    WaSP Accessibility Task Force Member
    splintered.co.uk | photographia.co.uk | redux.deviantart.com

  10. #10
    SitePoint Zealot Andthensometoo's Avatar
    Join Date
    Aug 2001
    Location
    Michigan
    Posts
    167
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Good job sorting through the crap Redux!
    Once again, I am with you on McAfee's pretending they are on the cutting edge of technology with this useless hype about virii infected jpeg's. DUH! If without the executable, the jpeg is just a jpeg, then how easy can it be spread, and how hard can it be to detect if the exe is on someones system?
    "Sell More Software" is obviously their ultimate goal.
    "If you handle with products .. this is a word to see It"
    elvis.isnotalive.com
    My Complaint Dept
    Visit Interceptor's AV review

  11. #11
    SitePoint Member
    Join Date
    May 2002
    Location
    uk
    Posts
    9
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

  12. #12
    SitePoint Member
    Join Date
    May 2002
    Location
    uk
    Posts
    9
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    hmmm...this should be fun...cause mass panic on a few other message boards...


  13. #13
    ********* Streaker Lister14's Avatar
    Join Date
    Jun 2002
    Location
    C:\Documents and Settings\Desktop\Recycle Bin
    Posts
    677
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    so does that mean it is possible, but first it needs to nest down in the registry, b4 it gets activated by the infected jpegs?
    roy.lu
    C:\DOS... C:\DOS\RUN... RUN\DOS\RUN...!

  14. #14
    gingham dress, army boots... silver trophy redux's Avatar
    Join Date
    Apr 2002
    Location
    Salford / Manchester / UK
    Posts
    4,838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yeah...basically the infected jpegs are not really necessary for this virus to spread (?)
    you need ot be infected first...interesting.
    i mean, i can see the point if the first infection (via .exe) only prepares the "framework" to execute any executable code appended to jpeg/mp3/html/whatever. it's then easy for new viri to infect already infected machines with a new strain...
    but yes..."mostly harmless". i love how they claim that in future versions it won't need the .exe at all...yeah right

    /me waits for microsoft to claim this whole "critical" situation is to be blamed on open source...hehe
    redux (adj.): brought back; returned. used postpositively
    [latin : re-, re- + dux, leader; see duke.]
    WaSP Accessibility Task Force Member
    splintered.co.uk | photographia.co.uk | redux.deviantart.com

  15. #15
    Serial Publisher silver trophy aspen's Avatar
    Join Date
    Aug 1999
    Location
    East Lansing, MI USA
    Posts
    12,937
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The virus doesn't spread via jpegs. It spreads via an executable. The Jpeg is just a trigger that sets it off.

    Kinda ridiculous way to make a virus if you ask me. Why it could just be set to execute itself. Unless you want to use jpegs to send hidden commands to the virus.
    Chris Beasley - I publish content and ecommerce sites.
    Featured Article: Free Comprehensive SEO Guide
    My Guide to Building a Successful Website
    My Blog|My Webmaster Forums

  16. #16
    gingham dress, army boots... silver trophy redux's Avatar
    Join Date
    Apr 2002
    Location
    Salford / Manchester / UK
    Posts
    4,838
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    just read the link in the other previous post (looks like two threads have been merged into this one ?)
    oh my what a load of bull...
    In its current form, an infected JPG file cannot infect another computer on its own. But Gullotto said there's no reason a virus writer couldn't make the picture itself able to infect other computers.
    there's no reason ? except for the fact that by default pictures are not "executed" ? yeah...
    The malicious program is the first ever to infect picture files, though it is not currently attacking computers.
    [...]
    Until now, viruses infected program files - files that can be run on their own. Data files, like movies, music, text and pictures, were safe from infection.
    these files were safe from infection because virus writers know that they're not executed...not because it's such a technological breakthrough to attach extra code to any kind of file...this makes it sound like "they finally cracked it ! they know how to infect these files as well"...hmmm
    A new virus threatens to strike one of the Internet's most common and useful activities: sharing family photos.
    why not add to this "so, to all people using P2P and downloading movies from the net...please stop doing it and only buy legit copies of stuff and run them on equipment with our proposed copyright management system. signed: the nice people of all major american media corporations" (or am i being too cheeky ? sounds like a nice bit of FUD that could have been started for exactly these reasons though...sorry...entered into conspiracy theories territory now )
    redux (adj.): brought back; returned. used postpositively
    [latin : re-, re- + dux, leader; see duke.]
    WaSP Accessibility Task Force Member
    splintered.co.uk | photographia.co.uk | redux.deviantart.com


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •