Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
JPEG virus?
- Thread starter ArcCodex
- Start date
I'm not sure I get what you're asking but i've never heard of thumbs.db files getting infected. Not saying they can't be but i've never seen it. Are you asking that if a jpeg file held a hidden virus that was inserted by some "secret message" program, could you get infected by previewing the pic using the thumbnail feature? If that's what you're asking then no I don't believe so. From what I understand, technically it's possible to hide virus code in a photo file without altering the photo but normally you couldn't get infected by it just by opening the photo or previewing it. There are programs you can get that'll let you hide secret messages within photo files so that you could send secret messages to friends and such without anyone seeing the message. Using such a program you could also hide virus code in the photo. But in order to get infected by that hidden virus you would have to run the photo file through the decoder program to decode the hidden message, in this case the virus. You couldn't get infected by simply previewing that photo or opening it in explorer or a photo editor. Is that what you're asking about? If not can you clarify?
Of course there are viruses like 'loveletter' that can overwrite a photo file with viral code and you'll get infected just by opening it but in that case the file would have been altered completely and it'll include an extra extension such as 'photo.jpg.vbs'. In that case I don't believe you would get infected by using the thumbnail feature because there wouldn't be any photo there to preview. The photo would've been overwritten with viral code so you would have to click on the photo file and open it to get infected.
Of course there are viruses like 'loveletter' that can overwrite a photo file with viral code and you'll get infected just by opening it but in that case the file would have been altered completely and it'll include an extra extension such as 'photo.jpg.vbs'. In that case I don't believe you would get infected by using the thumbnail feature because there wouldn't be any photo there to preview. The photo would've been overwritten with viral code so you would have to click on the photo file and open it to get infected.
Actually, McAfee just released this info on a JPG infector -- W32/Perrun. Not sure of the details, you can probably find it here:
AVChap
AVChap
yep, yesterday mcafee announced a proof of concept, it infects jpegs, and shows that even text files may be infected in this manner. here is the official from mcafee on this,
Today AVERT discovered a new virus that can actually infect JPG files. The virus is NOT in the wild.
The description is posted here
The risk is Low-Profiled.
The virus is a proof of concept, and does mean that another one can be written to infect ANY type of file that is not an executable. These would include MP3's AVI's and TXT files.
The infected files -JPGs- are considered carriers, the infected JPG can only infect another JPG if the infection exists on that machine. See the description for all the information.
AVERT has added detection and removal for this virus into the next set of DATs that will be released next Wednesday - the 4208's.
The virus can be detectd with the 4185 DATs if you are running heuristics. It will be detected as W32/Alcop@mm, though Alcop is a mass mailer W32/Perrun is not.
FatesWebb
if you do what I suggested it is not my fault...
Today AVERT discovered a new virus that can actually infect JPG files. The virus is NOT in the wild.
The description is posted here
The risk is Low-Profiled.
The virus is a proof of concept, and does mean that another one can be written to infect ANY type of file that is not an executable. These would include MP3's AVI's and TXT files.
The infected files -JPGs- are considered carriers, the infected JPG can only infect another JPG if the infection exists on that machine. See the description for all the information.
AVERT has added detection and removal for this virus into the next set of DATs that will be released next Wednesday - the 4208's.
The virus can be detectd with the 4185 DATs if you are running heuristics. It will be detected as W32/Alcop@mm, though Alcop is a mass mailer W32/Perrun is not.
FatesWebb
if you do what I suggested it is not my fault...
- Thread starter
- #5
There is an update on this virus at It looks like you need another virus before this one work and the JPEG becomes unreadable when infected. It still doesn't answer the question about thumbnails but I suspect that ArcCodex is right. James P. Cottingham
I am the Unknown lead by the Unknowing.
I have done so much with so little
for so long that they think I am now
qualified to do anything with nothing.
I am the Unknown lead by the Unknowing.
I have done so much with so little
for so long that they think I am now
qualified to do anything with nothing.
- Thread starter
- #8
- Status