W32.Perrun is a virus that infects JPEG files. The malicious content of files that it infects will not spread to other computers. Indications of infection are that .jpg files will have increased in size by approximately 11KB, and the presence of the file Extrk.exe.


Variants: W32.Perrun.dr
Type: Virus
Infection Length: 11,780 bytes
Systems Affected: Windows 3.x, Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
If a .jpg file that has been infected by W32.Perrun is opened on another, uninfected computer, it will not execute malicious actions on that computer because the virus requires the presence of the Extrk.exe file for it to execute and infect other files.

Upon execution of the viral executable, detected as W32.Perrun.dr, the virus does the following:

It drops the files:

Reg.mp3. This is a registry file that the virus uses to modify the registry.
Extrk.exe. This is the executable that will be configured in the registry to open all JPEG files.

Extrk.exe is then configured to open all JPEG files by changing the (Default) value of the registry key

HKEY_LOCAL_MACHINE\Software\Classes\jpegfile\shell\open\command

to

extrk.exe %1
Check it here http://securityresponse.symantec.com...32.perrun.html

Proof of concept?... yes.. JPG infection.. f*** no, you still need to extract the info from the JPG, so therefore it is a two-part virus. The extractor is the first part and the code in the JPG is the second.. the "infected" JPG on its own is useless.
So could the extractor be considered a bomb?

Cheers
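
An added example (not part of the thread or of the Symantec write-up): a check for the file-association change described in the write-up, run over the text of a .reg export of the jpegfile key. The sample exports and the viewer.exe path are constructed for illustration.

```python
import re

# Key and dropped-file name are taken from the write-up above.
TARGET_KEY = r"HKEY_LOCAL_MACHINE\Software\Classes\jpegfile\shell\open\command"
DROPPED_EXE = "extrk.exe"

def default_values(reg_text):
    """Map each key path (lower-cased) in a .reg export to its (Default) string value."""
    values, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
        elif current and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslash and double quote with a backslash
            values[current] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return values

def check_jpeg_handler(reg_text):
    """Return (command, hijacked) for the jpegfile open command, or (None, False)."""
    command = default_values(reg_text).get(TARGET_KEY.lower())
    if command is None:
        return None, False
    # First token of the command line is the program; it may be quoted and carry a path.
    m = re.match(r'\s*(?:"([^"]+)"|(\S+))', command)
    program = (m.group(1) or m.group(2)) if m else ""
    basename = re.split(r"[\\/]", program)[-1].lower()
    return command, basename == DROPPED_EXE

# Constructed samples, not captured from a real system.
INFECTED = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jpegfile\shell\open\command]
@="extrk.exe %1"
'''
# The viewer path below is a hypothetical legitimate handler.
CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\jpegfile\shell\open\command]
@="\"C:\\Program Files\\Viewer\\viewer.exe\" \"%1\""
'''

if __name__ == "__main__":
    for name, text in (("infected", INFECTED), ("clean", CLEAN)):
        print(name, check_jpeg_handler(text))
```

The function expects already-decoded text; exports written as UTF-16 need to be read with that encoding first.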