The So-Called JPEG Infector
Wow, it's been a while since I've posted (months!!!)
Hello Everyone,
I noticed this thread, and I thought that maybe I could help by offering a programming perspective:
When I first read the Security Focus article on the virus, I was real curious and so I created my own JPEG Infector. I wrote a paper on the concept of JPEG infecting.
http://www.geocities.com/pharmicomlabs/jpg/
The paper has a sample program and source code for embedding messages and files into images without distorting them. (The process is really easy!!)
I'm sure you'll find it interesting! But to sum up a few things, and put a few minds at rest, here is what I concluded:
1. As someone has already mentioned, (As of right now) JPEGs CANNOT act as executable files.
2. As someone else has already mentioned... This "new" form of file infection is just Steganography (An old technology)
3. The JPEG infector requires an extractor to run embedded code/files
I noticed there was a big dispute on this issue... the way it works is very simple:
An extractor program is installed/downloaded/whatever and registers itself as the default handler for images. (This is similar to going to Folder Options > File Type in explorer.)
When an image is "opened" the extractor extracts the file/code, executes the file/code and then starts the real image program (paint, IE, photoshop, etc)
:D See how simple that works
In conclusion:
As someone was so gracious to mention... without the Extractor, the "infected" JPG is just an image with "junk" data added at the end.
Hope this helps put some minds at ease:
Simon Templer :)