That's getting scary!

[souleman]

You can NOT make a jpeg executable. Maybe on a unix system, by using chmod, but it still isn't executable. When you open a file (double click or whatnot) the OS determins what to do with that file, not the file itself. So when you double click a jpg, the os says, hey, its a jpg, show me the picture in MS Paint (or whatever program you use. Try it sometime. Take notepad.exe and rename it to notepad.jpg. What happens? You get an error saying that the jpg file is corrupted. It does NOT execute notepad. So the only way that this would be possible is if you installed a picture editor that was designed to run exactly what was in the jpg, not just show the jpg. As far as I know, there isn't any. The closest thing would be an animated gif, but that is still not executable.... Open an animated gif file in paint or photoshop, and it doesn't run. It just sits there.... You want animation, you have to open the file in a web browser or a program designed for viewing/editing animated gif files..

btw> meister, that is old news, and was posted on here a long time ago.

[Terr]

Originally posted here by Reality
Right, with modification this could make jpegs more than a simple data file, now it has the potential, with modification, to contain the executable within the code and virtually make jpegs exe files.

Originally posted here by Ratman2
Right now thiat's the case. BUT all you have to do is modify it so that yhe extractor code is in the picture too....thus when you click on the JPG file it executes and drops the payload without the need for the external EXE

No. No. No.

I agree with Souleman, this article is either a hoax or a seriously mis-stated mis-understood subject. The only way I can think of that a picture file could execute arbitrary commands is to specially craft a file that would crash or cause a buffer overflow WITHIN the image viewing program, such as MSPaint or Photoshop, etc.

There is a big difference between a program and a data file, which you can't just ignore.

In its current form, an infected JPG file cannot infect another computer on its own. But Gullotto said there's no reason a virus writer couldn't make the picture itself able to infect other computers.

B.S. That's all I can say. It was possible to make a 'viral' mp3/playlist/streaming audio sequence once, but that was only because there was a bug in Winamp which caused it. The data itself is just inert. The article has a high FUD factor, which translates to: "Buy McAffee NOW or else something BAD will happen!."

Personally I scan my computer maybe once every month. Clean for a few years.

[Reality]

Lets hope you guys are right, and before reading this article I would have laughed too. But then I asked myself the popular question, "what if."

What if it is possible to embed code in a jpg? Ok so you have code in the jpg, big deal you can't do much with it. I mean it is not like photoshop will execute scripts... but IE will.

What if IE or other browers read the code within the jpg as it is loading and executes it like it is any other script. *ponders*

There are plenty more IFs and conditions that would have to be met for this to work, but what if it truely is possible. A little imagination the answer can easily be that is *could* be possible to execute code from within a jpg.

But lets hope you are right and that it is impossible, the next few months should tell us. BTW Norton, Mcafee, and housecall have the virus listed. Now does that make it real? No, but it brings a little more credability to the story.

[Palemoon]

I agree with Soulman, it has to do with file associations, the computer has to know what to open what with what program. Sounds more like to me a hidden file extension type thing like jpg.exe (Anna Knroncivia (sp), most people read to the first dot and computers look at the last dot, not to mention that the icon would appear different then again most people blindly click, and viri writters say see how stupid they are, like it takes real high thinking to know people are going to mindlessly click any file attachment, so who is really lame? Ah err go figure

[preacherman481]

This sounds a lot like the "multiplatform" virus that Symantec recently announced. What would be the purpose of announcing a "proof of concept" virus to the public?

[Palemoon]

Preacherman upon reading the full content of how this works and dah it is not a real new concept what a bunch of crap. First the person must get and run a program that does nothing more then change file associations, then click on the viri pic. This is lame I'm sorry this concept proves nothing cause to infect a pic you have to first run a program that reads the pic...wow. Lets all take a lesson in manually changing file associations. I cannot believe the hype on this crap. Then again maybe I have the wrong concept in programming here program looks for file associated with it, not file wants to run program...something is amiss here in this press release.

[Palemoon]

Ok here is the concept at least my twist on this "New Concept" viri and the resulting press release.

Sender
Step 1. Create a viri no pay load or for that matter use a tool kit, now how to make the viri infectable.

Step 2. Write a Word Doc, and just record a little mico for the word doc that changes file associations.

Step 3. Fill the body of the document with your concept then attach to an email send of to anti viri company explaining that the attached document explains and proves your concept.

Step 4. Send off email.

Recept: Anit-Viri Company

Step 1. They read the concept say ok this is valid, they are not running any virus scanning software because they are the experts and they can spot anything. So they reply to the sender ok the concept is valid but we did not get the other file to see how it all works and send a reply.

Sender: I'm sorry I forgot to include the file it is attached here, and it's sent off.

Anti Viri gets email opens the email and sure enough the concept worked but wait the anti-vrir defenders were just social engineered cause they got infected. Issue press release they fooled us you are next, press eats it up.

Result viri writter laughing his head off, Anti Viri makes a few mill more, your dumb and they are smart, cause it makes the mmoney but hey you can brag about it all to friends on-line you have never met.

[zaggy]

As long as the antivirus guys stay on top of it I will be happy!

Viri are bound to get more technical as everything else does, AO will keep me prepared and ready.

[Terr]

Originally posted here by Reality
What if IE or other browers read the code within the jpg as it is loading and executes it like it is any other script. *ponders*

That's what I was referring to when I mentioned bugs or overflows within the viewer program. The thing is, most of the time any functions that process the images are so basic and speed-intensive that they are probably in assembly or somesuch for speed optimization, and are likely so well known that it is a bit of a stretch for a bug to be found this late in the game.

Now, you know what would be really sneaky?

A combo of an extension-hidden program, that masquerades as a picture, and the program automatically finds the default program to open files of it's pretended type, and then generates a picture and opens it with that photoviewer when run. That way the user doesn't say: "Hmm... this picture isn't opening up..."

But it's still a program. I agree that the article seems to refer more to a trojan horse that can send messages to itself in images.

[cgkanchi]

I'm with Terr and Souleman here, unless the virus writer was able to get an image viewer to execute the virus code for which you'd need either a very badly written image viewer or a program that patches the image viewer (for which you'd need an executable anyway). Quite frankly, i think this is just a load of bull. An image viewer that reads the executable code will probably have to written that way on purpose, thereby negating the assumption that the jpeg spreades the virus.
Cheers,
cgkanchi