
Thread: That's getting scary!

  1. #1

    That's getting scary!

    I found this today!

    A new computer virus is the first ever to infect picture files, an anti-virus firm reported Thursday, making sharing family photos on the Internet a potentially dangerous activity.
    read the rest here

    Now ... am I the only one who is concerned about that news?

  2. #2
    The potential for this is astronomical.

    As of now though the extractor is simply a .exe file that arrives via email/disk/etc.

    It does not self-propagate...for now, which is a good thing.

    The trick is to pre-package the whole deal. Extractor/payload/delivery. I give it till the end of the year before we see one in the wild.

    *Goes to Sybari...blocks all incoming .jpg extensions on the network*

    =P
    Tachyon

    |-----|Alcohol is my anti-drug |-----|

  3. #3
    Senior Member (Join Date: Jan 2002; Posts: 452)
    I am confused...the security update says it uses a .exe, but that it could use just a .jpg. How could you 'run' a jpg? Some sort of IE6 problem?
    Elen alcarin ar gwath halla ná engwar.

  4. #4
    You have to have the 'extractor' program already installed on your computer before infected .jpgs will execute when you open them.

    This extractor checks to see if the .jpg is infected...if yes then it will execute the payload within the .jpg
    Tachyon

    |-----|Alcohol is my anti-drug |-----|
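
An added example, not part of the original thread: the posts above describe a payload carried inside a .jpg. One way a defender could flag such files, assuming the extra data sits after the JPEG end-of-image marker (the thread does not say how Perrun stores it). The function name and the sample bytes are constructed for illustration.

```python
def jpeg_trailing_bytes(data: bytes) -> int:
    """Walk the JPEG marker stream and return how many bytes follow the
    end-of-image (EOI) marker. Raises ValueError if the stream is not JPEG."""
    if data[:2] != b"\xff\xd8":                      # SOI must open the file
        raise ValueError("missing SOI marker: not a JPEG")
    pos, in_scan = 2, False
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            if not in_scan:
                raise ValueError(f"expected a marker at offset {pos}")
            pos += 1                                 # ordinary entropy-coded byte
            continue
        marker = data[pos + 1]
        if marker == 0xFF:                           # fill byte before a marker
            pos += 1
        elif in_scan and (marker == 0x00 or 0xD0 <= marker <= 0xD7):
            pos += 2                                 # stuffed FF00 or restart marker
        elif marker == 0xD9:                         # EOI: the image ends here
            return len(data) - (pos + 2)
        else:                                        # segment with a 2-byte length
            if pos + 4 > len(data):
                raise ValueError("truncated segment header")
            length = int.from_bytes(data[pos + 2:pos + 4], "big")
            if length < 2:
                raise ValueError("invalid segment length")
            pos += 2 + length                        # skips EXIF thumbnails too
            in_scan = marker == 0xDA                 # SOS starts scan data
    raise ValueError("no EOI marker found")


# Constructed sample: a structurally valid marker stream, not a decodable image.
CLEAN = (b"\xff\xd8"                      # SOI
         b"\xff\xe0\x00\x04AB"            # APP0 segment, 2 payload bytes
         b"\xff\xda\x00\x04\x01\x02"      # SOS header
         b"\x12\xff\x00\x34\xff\xd0\x56"  # scan data with FF00 and RST0
         b"\xff\xd9")                     # EOI
TRAILER = b"CONSTRUCTED-TRAILER"          # stands in for appended data

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("tampered", CLEAN + TRAILER)):
        print(name, jpeg_trailing_bytes(blob), "byte(s) after EOI")
```

A nonzero result is a reason to inspect the file, not proof of infection, since some legitimate tools also append data after the image.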

  5. #5
    Senior Member (Join Date: Aug 2001; Posts: 100)
    hmm, interesting and yes as you say dangerous...
    I read about a similar thing before:
    it is possible to cause a buffer overflow by opening an mp3 or wav file. normally players ignore any executable text, but if there is a specific situation (e.g. in winamp the browser is open) opening such a file can cause your comp to break down....
    "Knowledge is the Real Power"

  6. #6
    This certainly concerns me, as it should anyone who is responsible for a large number of computers. This is why we have places like AntiOnline, so professionals and wannabes like myself can discuss what we can do about it.
    The more I deal with people, the more I LOVE my computer.

  7. #7
    souleman, AntiOnline Senior Member (Join Date: Oct 2001; Location: Flint, MI; Posts: 2,883)
    Humm, this really doesn't sound like anything new to me.

    The virus arrives via e-mail or a floppy disk as an executable file. Security experts always warn against opening programs sent as e-mail attachments.
    Exactly. Don't open executable attachments. That's just plain stupid.

    Once run, the file drops an "extractor" component onto the victim's hard drive. When a computer user clicks on a picture file with the extension .JPG – a common picture file found on the Web – it is infected before it appears. Because the picture displays normally, Gullotto said, the victim may not know there's anything wrong.
    This is nothing more than a trojan horse that receives its instructions via an encoded picture (probably using steganography) instead of via IRC. You still have to install an executable (the extractor) first.

    In its current form, an infected JPG file sent to a friend or placed on a Web site isn't dangerous without the extractor file. But Gullotto said there's no reason a virus writer couldn't stuff the entire virus code into the JPG, making the picture file a virus itself.
    BS. You still have to execute something. Therefore it can't be a jpeg.

    McAfee researchers received the virus from its creator. Gullotto declined to identify the author, and McAfee anti-virus software can detect and remove Perrun.
    McAfee probably created this proof of concept virus so they could sell more software.
    "Ignorance is bliss....
    but only for your enemy"
    -- souleman

  8. #8
    Originally posted here by souleman
    Humm, this really doesn't sound like anything new to me.

    Exactly. Don't open executable attachments. That's just plain stupid.

    This is nothing more than a trojan horse that receives its instructions via an encoded picture (probably using steganography) instead of via IRC. You still have to install an executable (the extractor) first.

    BS. You still have to execute something. Therefore it can't be a jpeg.

    McAfee probably created this proof of concept virus so they could sell more software.

    Right now that's the case. BUT all you have to do is modify it so that the extractor code is in the picture too....thus when you click on the JPG file it executes and drops the payload without the need for the external EXE

  9. #9
    Right, with modification this could make jpegs more than a simple data file, now it has the potential, with modification, to contain the executable within the code and virtually make jpegs exe files. The problem is not what it does today, but what it can potentially lead to tomorrow. I personally see this as a huge milestone and it could open the flood gates for new virii. It is like when you find an exploit, at first it is harmless because you don't plan to damage anything, but once the exploit is released and people know it is there, the gates are open for attacks.

    I see great potential for this concept to cause us lots of trouble in the future. But maybe I am wrong. I hope I am.
    The more I deal with people, the more I LOVE my computer.

  10. #10
    not good.........yeah, I hope you're wrong too, but it makes sense, so I think I'll set my email to never open .jpg or ANY type of pic attachments (I've got it set to ignore everything except for pics right now)........

    thnx for the info!
