Printable View
I found today!
read the rest hereQuote:
A new computer virus is the first ever to infect picture files, an anti-virus firm reported Thursday, making sharing family photos on the Internet a potentially dangerous activity.
Now ... am i the only one who is concerned about that news?
The potential for this is astronomical.
As of now though the extractor is simply a .exe file that arrives via email/disk/etc.
It does not self proprogate...for now, which is a good thing.
The trick is to pre-package the whole deal. Extractor/payload/delivery I give it till the end of the year before we see one in the wild.
*Goes to Sybari...blocks all incoming .jpg extensions on the network*
=P
I am confused...the security update says it uses a .exe, but that it could use just a .jpg. How could you 'run' a jpg? Some sort of IE6 problem?
You have the have the 'extractor' program already installed on your computer before infected .jpg will execute when you open them.
This extractor checks to see if the .jpg is infected...if yes then it will execute the payload within the .jpg
hmm, interesting and yes as you say dangerous...
i read about a similar thing before:
it is possible to causse a buffer overflow by opening a mp3 or wav file. normally players ignore any executable text, but if there is a specific situation (e.x. in winamp the browser is open) opening such file can causse your comp to break down....
------------------------------------------------------------------------------------------------------------------------"Knowledge is the Real Power"
This certianly concerns me, as it should anyone who is responsible for a large number of computers. This is why we have places like antionline, so professionals and wannabes like myself can discuss what we can do about it.
Humm, this really doesn't sound like anything new to me.
Exactly. Don't open executable attachments. Thats just plain stupid.Quote:
The virus arrives via e-mail or a floppy disk as an executable file. Security experts always warn against opening programs sent as e-mail attachments.
This is nothing more then a trojan horse that recieves it's instructions via an encoded piture (probably using stenonography) instead of via IRC. You still have to install an executable (the extractor) first.Quote:
Once run, the file drops an "extractor" component onto the victim's hard drive. When a computer user clicks on a picture file with the extension .JPG – a common picture file found on the Web – it is infected before it appears. Because the picture displays normally, Gullotto said, the victim may not know there's anything wrong.
BS. You still have to execute something. Therefor it can't be a jpeg.Quote:
In its current form, an infected JPG file sent to a friend or placed on a Web site isn't dangerous without the extractor file. But Gullotto said there's no reason a virus writer couldn't stuff the entire virus code into the JPG, making the picture file a virus itself.
McAfee probably created this proof of concept virus so they could sell more software.Quote:
McAfee researchers received the virus from its creator. Gullotto declined to identify the author, and McAfee anti-virus software can detect and remove Perrun.
Right now thiat's the case. BUT all you have to do is modify it so that yhe extractor code is in the picture too....thus when you click on the JPG file it executes and drops the payload without the need for the external EXEQuote:
Originally posted here by souleman
Humm, this really doesn't sound like anything new to me.
Exactly. Don't open executable attachments. Thats just plain stupid.
This is nothing more then a trojan horse that recieves it's instructions via an encoded piture (probably using stenonography) instead of via IRC. You still have to install an executable (the extractor) first.
BS. You still have to execute something. Therefor it can't be a jpeg.
McAfee probably created this proof of concept virus so they could sell more software.
Right, with modification this could make jpegs more than a simple data file, now it has the potential, with modification, to contain the executable within the code and virtually make jpegs exe files. The problem is not what it does today, but what it can potentially lead to tommarrow. I personally see this as a huge milestone and it could open the flood gates for new virii. It is like when you find an exploit, at first it is harmless because you don't plan to damage anything, but once the exploit is released and people know it is there; the gates are open for attacks.
I see great potential for this concept cause us lots of trouble in the future. But maybe I am wrong. I hope I am.
not good.........yeah, I hope you're wrong too, but it makes sense, so I think I'll set my email to never open .jpg or ANY type of pic attachments (I've got it set to ignore everything except for pics right now)........
thnx for the info!