Log in

View Full Version : First JPEG Virus Identified


Jason Dunn
06-14-2002, 05:00 PM
<a href="http://www.pcworld.com/news/article/0,aid,101910,00.asp">http://www.pcworld.com/news/article/0,aid,101910,00.asp</a><br /><br />I was hoping this day would never come - someone has found a way to use JPEGs as part of a virus. Who are the idiots that write these things? Thankfully, at this stage you need to have an exe file with the virus on your machine as well in order for the virus to spread. Still, this doesn't bode well for the future of graphics on the web - I don't run an antivirus program because I've yet to find one that doesn't slow my system down, but if one day I have to scan every graphic that is downloaded...?<br /><br />"A new virus can--for the first time--infect image files, says an antivirus vendor. This means the virus could spread through Web site graphics and force antivirus companies to re-engineer their products, McAfee officials say. The virus is not yet in the wild, meaning it is not spreading on the Internet; it was sent by its author to antivirus vendor McAfee Security, a division of Network Associates. McAfee calls the virus W32/Perrun, says Vincent Gullotto, senior director for the McAfee Anti-Virus Emergency Response Team, which received the virus Thursday morning. <br /><br />The virus is built to spread first as an executable, or .exe, file and then in JPEG image files, Gullotto says. Were it to spread in the wild, W32/Perrun would appear as an executable that would infect JPEGs when it was run, he says. The executable can be transmitted in standard ways, such as by download and via e-mail. The first JPEG viewed after the executable is run will have the virus code appended to it, Gullotto says. The virus will then seek out other JPEG files in the same directory and try to infect them, he says. W32/Perrun is the first virus to infect JPEGs, according to McAfee."<br /><br /><b>UPDATE:</b> Looks like this thing is <a href="http://features.slashdot.org/features/02/06/14/1343223.shtml?tid=166">likely a clever marketing hoax</a>. I wondered about that, since JPEGs aren't excuted but read, but I certainly don't know everything (perhaps someone could alter Internet Explorer to read and execute EXIF JPEG data as an application...?)

karlth
06-14-2002, 05:09 PM
Propaganda.

"It infects jpg files but needs an executable to run"

Why bother infecting the image file when you need an infected executable?

Exactly the misinformation that caused panic among normal computer users.

Chima
06-14-2002, 05:21 PM
Jason,

You are being a bit harsh with the "who are the idiots that....." part. We are assuming malicious intent on this virus authors part.

My understanding is that it is not unusual for people to send 'proof of concept' viruses to AntiVirus firms, etc. so that solutions can be found before someone else releases a similar malicious virus or worm into the wild.

I personally am glad that the anonymous person sent it to MacAfee rather than my finding out after my hard drive had evaporated mysteriously.

Chima

Duncan
06-14-2002, 05:59 PM
Sorry - I'm just slightly flabberghasted by what I've just read:
I don't run an antivirus program because I've yet to find one that doesn't slow my system down Jason! Please tell me you aren't being serious!

Ed Hansberry
06-14-2002, 06:09 PM
Isn't this more of a trojan? You have to first download and run the bad .EXE file so it will associate itself with JPG's.

A sane person that doesn't run .EXE's from emails or web sites wouldn't ever be affected by this.

Jonathan1
06-14-2002, 06:43 PM
Jason,

You are being a bit harsh with the "who are the idiots that....." part. We are assuming malicious intent on this virus authors part.

My understanding is that it is not unusual for people to send 'proof of concept' viruses to AntiVirus firms, etc. so that solutions can be found before someone else releases a similar malicious virus or worm into the wild.

Chima

People who are doing proof of concept sure. I personally don't have probs with them. Any files they are sending should be winzipped and password protected. Then the password sent in an adjoining e-mail.

But then you have 99.997% of the other virus writers who should be shot. One of my fav excuses when someone gets caught….the old "It escaped off of my computer bit." And that is a load of crap. Any puter being used for creating a virus should be totally isolated from the net or any network. It should have a floppy and a CD burner and that should be the ONLY way to export files.

It may be harsh but I would love to see the death penalty evoked for virus writers. This is a new type of terrorism. It can ruin companies, can destroy lives (Banking records on home computers being fragged.) costs the tech industry billions and for what? A joke? A prank? :twisted: These a-holes get off with what? 3 years in jail. While IT departments are still trying to pick up the pieces after Code Red. :evil:

One last thing to consider. Right now viruses are relatively benign. Yes they trash computers, records and such. What happens when hospitals become highly dependant on networked devices? When all records in hospitals are stored in their servers? When programs that tell someone on the medical staff what doses to hand out are linked to a person's vital statistics? Now introduce a virus into this environment. Everyone still think virus writers are so cute? I say lets send a message now before someone REALLY gets hurt. :twisted: :twisted:

Jason Dunn
06-14-2002, 07:25 PM
Sorry - I'm just slightly flabberghasted by what I've just read:
I don't run an antivirus program because I've yet to find one that doesn't slow my system down Jason! Please tell me you aren't being serious!

Well...yes I am. :-) Why is that surprising to you? I've tried many different anti-virus scanners, and they all cause significant system drag.
I've tried the Norton service that scans the POP3 email coming in by processing it through their servers, only to have their servers stop working and I can't get at my mail. :evil: And ActiveSync does this funky email caching thing where it archives email messages even after you've deleted them off your PC, so when I was getting viruses emailed to me, I'd delete them, but every time I did a sync Norton would freak out and I'd have to click through 12+ screens of "ignore".

I haven't had a virus on my computer in years. Most viruses are spread by people who don't know any better and open up attachments they shouldn't. Outlook XP blocks all sorts of HTML and scripts that could infect my machine, and I use House Call (http://housecall.antivirus.com/housecall/start_pcc.asp) to scan floppy disks I'm concerned about, and to scan my PC once every two weeks or so.

You mean the rest of you run anti-virus programs? :wink:

Jason Dunn
06-14-2002, 07:27 PM
It may be harsh but I would love to see the death penalty evoked for virus writers. This is a new type of terrorism. It can ruin companies, can destroy lives (Banking records on home computers being fragged.) costs the tech industry billions and for what? A joke? A prank? :twisted: These a-holes get off with what? 3 years in jail. While IT departments are still trying to pick up the pieces after Code Red. :evil:

I think the death penalty is a bit harsh personally, but I agree with you on the amount of destruction that these people can cause and their penalty is far too kind.

klinux
06-14-2002, 07:30 PM
I also do not run an anti-virus program on the laptop that only I use. Various programs like Zonealarm and common (technical) sense have protected me well. However, on the main PC that my wife and I use, I do have AV running - just to be on the safe saide.

tonyv
06-14-2002, 07:43 PM
From the description, it sounds like the JPEGS are irrelevant to the propagation of the virus. This whole thing smells like a scare tactic to generate sales for anitvirus vendors, to me.

Gerard
06-14-2002, 07:53 PM
Oh man, I hope you're okay without one... and if you never share your PC maybe you are! For mine, because a couple of thick-skulled friends use it for email (they have no computers, and are constantly opening attachments, ESPECIALLY JPEG files), and my girlfriend naively insists that no one would send her a virus (HA! she's opened 4 so far!), I run AVG freeware edition 6. I found out about it when Dale Coffing was looking for an AV that wouldn't dominate his PC, and a couple of users said it was great. Well, it is. Plain and simple, easily configured, you run it once on installation and then shut off the scheduling to avoid system bog-downs. It scans everything incoming and just nails any virus cold, bottling it up. They are really on the ball with updates and notifications, and best of all it's FREE!
http://www.grisoft.com/html/us_index.cfm

rene_canlas
06-14-2002, 09:10 PM
Not a virus; definitely a trojan. There is simply NO WAY anybody can get infected through "infected" JPEGs, coz your PC does not treat JPEG data as executable code.

Jason Dunn
06-14-2002, 09:45 PM
Not a virus; definitely a trojan. There is simply NO WAY anybody can get infected through "infected" JPEGs, coz your PC does not treat JPEG data as executable code.

That's what I always thought...yet somehow this seems to fly in the face of this. It treats JPEGs are read objects, not executable objects...very odd. But I don't know everything, so I won't say for sure it's not possible. :D

Jason Dunn
06-14-2002, 09:47 PM
Oh man, I hope you're okay without one... and if you never share your PC maybe you are! For mine, because a couple of thick-skulled friends use it for email (they have no computers, and are constantly opening attachments, ESPECIALLY JPEG files), and my girlfriend naively insists that no one would send her a virus (HA! she's opened 4 so far!), I run AVG freeware edition 6.

No, I don't share my baby with others. :-)

My wife has her own PC, and she's been educated about avoiding viruses as well. Education is the only true protection from viruses - software can always be circumvented. But I have heard good things about AVG...

nox
06-14-2002, 10:32 PM
This Post , about jpegs having virus is foolish. For this very reason Mcafee PR released this bit of NEWS, its ********. Mcafee wants you to talk about it spread , just liek a virus and ifect everyones mind with non sense. All they care about is selling their product, and spreading ******** like this , and having everyone panic is just perfect.

If you want more information about this go to SLASHDOT.ORG , teh guy there breaks it down .

http://features.slashdot.org/features/02/06/14/1343223.shtml?tid=166

Theres no way in hell JPEGS can have viruses

DrtyBlvd
06-15-2002, 10:27 AM
:P Interesting -

A while back, about 2/3 months, I was downloading a JPEG from a newsgroup (Porn, what else) and up popped Norton AV telling me it was infected with a virus - I don't recall the details of the title, just let it be cancelled - and I was quite impressed that someone had found a way to do it - I don't pretend to understand how it did/does(?) it but was bothered that it appeared to have been done! My thinking being that if NAV said so, it was probably right?

db

Al @Home
06-15-2002, 01:13 PM
I get is this is a "proof of concept". Most of the vendors I looked at currently carry it as a very low risk. With that said, it is interesting and possibly a trend of the furture...

http://www.cert.org/other_sources/viruses.html

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_PERRUN.A
http://www3.ca.com/virus/virus.asp?ID=12313
http://www.datafellows.com/v-descs/perrun.shtml
http://vil.nai.com/vil/content/v_99522.htm
http://securityresponse.symantec.com/avcenter/venc/data/w32.perrun.html
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_PERRUN.A

ctitanic
06-17-2002, 09:38 PM
A virus in a JPG= A virus in a TXT file. ;)