June 22nd, 2002, 03:33 AM
JPEG Virus author
It appears that someone has taken credit for the JPEG virus. An individual in the Philippines.
Wasn't there another major virus that was to have stemmed from this area?
That's right, there was. The "Love Bug", which sadly is not a reference to the VW movie hero.
Paul Glenerson B. Amurao, a 21 year old Filipino, has claimed in a media interview to be the author of the first virus to attempt to infect .JPG graphic files. Amurao, who says he lives in a province north of Metro Manila, Philippines, said he was the author of W32/Perrun-A in an interview he gave to INQ7.Net.
Amurao claimed that he wrote the virus using Microsoft Visual Basic 6, bought from a local retailer during a school fair at the University of the Philippines.
In the interview Amurao claimed that W32/Perrun was "like a time-triggered bomb waiting to explode."
"This is perhaps what virus researchers are afraid of. But thank god, somehow I was able to make them aware," he added.
"W32/Perrun-A is more hype than havoc. The virus is not in the wild, is not likely to be, and the JPEG infection method only works if the user is already infected by a Windows executable virus," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "However, it's disturbing to see another virus being written in the Philippines, and that malware authors over there may consider it a cool thing to do."
The Philippines is no stranger to virus writing, being the birth place of the Love Bug (or VBS/LoveLet-A worm) which spread around the world in May 2000. Onel de Guzman, the suspected author of the Love Bug, was detained by the authorities but later released without charge because the Filipino authorities did not have sophisticated computer crime laws at the time of the offence. Laws designed to combat computer misuse were only introduced in June 2000 by the Philippines authorities as a result of the Love Bug incident.
Sophos has issued protection against W32/Perrun-A to customers concerned by the media reports and alerts from other anti-virus vendors.
"I believe that you can reach the point where there is no longer any difference between developing the habit of pretending to believe and developing the habit of believing."
June 22nd, 2002, 03:46 AM
Damnit, that's the last time I give my code to someone in the Philippines. Why would someone want to take credit for a virus? Well, I guess we now have someone to blame. Why can't we sue these people again?
June 22nd, 2002, 04:08 AM
How would it even be possible to do this in VB? I don't think it is, since VB is used for writing Windows applications. If this is even possible, wouldn't it HAVE to be done in a very LOW LEVEL assembly language to be able to manipulate the file itself???
I'd like to know anybody's theories on how such a virus could be made???
Know how to sell your wares. Intrinsic quality isn't enough. Not everyone bites at substance or looks for inner value. People like to follow the crowd; they go someplace because they see other people do so. Uniqueness appeals both to the taste and to the intellect.
June 22nd, 2002, 05:15 AM
Yes, it is possible
how would it even be possible to do this in VB.
if this is even possible wouldn't it HAVE to be done in a very LOW LEVEL assembly language to be able to manipulate the file itself???
I wrote a paper on it, after reading the article on Security Focus:
Read it Here: http://www.geocities.com/pharmicomlabs/jpg/
It has a sample program I wrote for inserting and extracting text messages/pictures/executables in pictures without corrupting them. I include source (which is in VB).
It was really very simple!!!
"Your work is to discover your world and then with all your heart give yourself to it."
June 22nd, 2002, 05:29 AM
A bit of history here: he may claim to be the author, but fact is there are freeware programs that allow one to imbed messages in them (slips my mind; Bin Laden supposedly used them). Common sense would say then, if a text message can be hidden in a pic, then, well, just about any code can also, so that part was already done; no high thoughts on their part, was actually developed at a dot edu state side. OK, so putting the code, not a message, is not real hard now, is it? Now the second part, the trigger, that is the second part of the virus: a separate program which in fact changes only file associations, again not real crafty or high thinking, and it reads the code in the picture and executes the code. What has not been shown is one click, you're dead payload. The most damage this virus has done is made a ton of money for the anti viri people and gave the media a news filler between Bush and Ashcroft rattling their swords. All of it has been done before, just in separate pieces, sort of like putting together tinker logs, if anyone recalls what they are.
I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure. - Glen Seaborg
June 22nd, 2002, 05:32 AM
I would imagine that you could add data when you open it for binary output.
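Added example, not part of any post in this thread: a defender-side check for the approach discussed above, assuming the extra data is appended after the JPEG end-of-image (EOI) marker (the thread does not state where W32/Perrun-A places it). The function names and the sample bytes are constructed for illustration.

```python
import struct

# Markers without a length field: TEM, RST0-RST7, SOI (EOI is handled separately)
STANDALONE = {0x01, 0xD8} | set(range(0xD0, 0xD8))

def jpeg_end_offset(data: bytes) -> int:
    """Walk the marker segments and return the offset just past the real EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xD9:                       # EOI: image ends here
            return pos + 2
        if marker == 0xFF:                       # fill byte before a marker
            pos += 1
        elif marker in STANDALONE:
            pos += 2
        else:
            if pos + 4 > len(data):
                break
            (seglen,) = struct.unpack(">H", data[pos + 2:pos + 4])
            if seglen < 2:
                raise ValueError(f"bad segment length at offset {pos}")
            pos += 2 + seglen                    # skips APPn payloads, incl. thumbnails
            if marker == 0xDA:                   # SOS: entropy-coded data follows
                while pos + 1 < len(data) and not (
                    data[pos] == 0xFF
                    and data[pos + 1] != 0x00                # 0xFF00 is a stuffed byte
                    and not 0xD0 <= data[pos + 1] <= 0xD7    # RSTn stays inside the scan
                ):
                    pos += 1
    raise ValueError("truncated JPEG: no EOI marker")

def inspect_jpeg(data: bytes) -> dict:
    """Report bytes that follow the image and whether they start like a DOS/Windows EXE."""
    end = jpeg_end_offset(data)
    extra = data[end:]
    return {"image_end": end, "extra_bytes": len(extra), "looks_like_exe": extra[:2] == b"MZ"}

def build_sample(appended: bytes = b"") -> bytes:
    """Constructed test input: skeletal marker stream, not a decodable picture."""
    app1 = b"\xff\xe1" + struct.pack(">H", 8) + b"\xff\xd8\xff\xd9AB"  # thumbnail-like bytes
    sos = b"\xff\xda" + struct.pack(">H", 3) + b"\x00"
    scan = b"\x12\xff\x00\x34\xff\xd0\x56"
    return b"\xff\xd8" + app1 + sos + scan + b"\xff\xd9" + appended
```

Walking the segments matters because a plain search for the first FF D9 would stop inside the APP1 thumbnail bytes of the sample and misreport the rest of the picture as appended data.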
June 22nd, 2002, 05:47 AM
There's a technique called "steganography" that is used to do things like this and, in some senses, even "watermark" files. Basically, it's the equivalent of hiding data within other "innocuous data" (i.e. hide in plain sight, getting lost in the noise, etc). For the true steganographer, it'd be a great way to hide ciphertext inside of other random data such that it's not obvious that you're using cryptographic techniques (only "random" data traversing the Internet these days is still plain data, which is often very easy to identify (think "magic number" sorts of things), and crypto -- and using crypto is painting a big red target on your head for "anyone" to see... at least for those watching).
As a good example, I've heard that the Romans used to implement such techniques by shaving a slave's head, tattooing a message on it, then letting it grow back before they sent him to deliver "the message." (obviously a fairly slow means of communication)
One good example I know of, as well, for you Java-heads: http://www.stego.com/
"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take effect. Reboot now?"