New computer virus is the first ever to infect picture files
Dow Jones
Posted on 06/13/2002 9:59:53 AM PDT by Sub-Driver
13 Jun 2002 12:42 ET DJ McAfee Expresses Concern Over New Picture Data Virus
Copyright © 2002, Dow Jones Newswires
WASHINGTON (AP)--A new computer virus is the first ever to infect picture files, an anti-virus firm reported Thursday, making sharing family photos on the Internet a potentially dangerous activity.
The virus, dubbed Perrun, is not currently infecting computers but worries anti-virus experts because it is the first to cross from program infection into data files, long considered safe from malicious data.
"Our concern is more for what might be coming," said Vincent Gullotto, head anti-virus researcher at McAfee Security (MCAF). "Potentially, no file type could be safe."
Until now, viruses infected program files -- files that can be run on their own. Data files, like movies, music, text and pictures, were safe from infection. While earlier viruses deleted or modified data files, Perrun is the first to infect them.
Perrun still needs some tweaking to become dangerous. The virus arrives via e-mail or a floppy disk as an executable file. Security experts always warn against opening programs sent as e-mail attachments.
Once run, the file drops an "extractor" component onto the victim's hard drive. When a computer user clicks on a picture file with the extension .JPG -- a common picture file found on the Web -- it is infected before it appears. Because the picture displays normally, Gullotto said, the victim may not know there's anything wrong.
In its current form, an infected JPG file sent to a friend or placed on a Web site isn't dangerous without the extractor file. But Gullotto said there's no reason a virus writer couldn't stuff the entire virus code into the JPG, making the picture file a virus itself.
That evolution should make computer users think twice about sending pictures -- or any other media -- over the Internet, Gullotto said.
"I think there's a possibility that this could change the playing field," he said. "Going forward, we may have to rethink about distributing JPGs."
McAfee researchers received the virus from its creator. Gullotto declined to identify the author, and McAfee anti-virus software can detect and remove Perrun.
Perrun is known as a proof-of-concept virus, and does not cause damage. Gullotto said he fears that virus writers may use Perrun as a template to create a more destructive version.
TOPICS: Front Page News; News/Current Events; Technical
To: Sub-Driver
Wow, that's a new one! Who'd have thought you could infect image files? There's a full description of the virus at
NAI
To: Sub-Driver
In its current form, an infected JPG file sent to a friend or placed on a Web site isn't dangerous without the extractor file. But Gullotto said there's no reason a virus writer couldn't stuff the entire virus code into the JPG, making the picture file a virus itself.
Guess all those Internet porn fanatics better be careful! 8^)
To: WindMinstrel
I disagree, the statement "New computer virus is the first ever to infect picture files" is just hype to sell anti-virus software.
The virus is the extractor program. The fact that this program gets information on what nasty things to do from specially encoded jpg files is not the same thing as saying that jpegs are, by themselves, capable of carrying viruses.
Regards, AL
4 posted on 06/13/2002 10:14:48 AM PDT by ahariail
To: WindMinstrel
I once heard that hackers and those who create computer viruses are mostly made up of radicals who have a strong hatred of the Internet being used for commerce. They think it should be used more for educational purposes. I think I also heard that they think the Internet ought to be free.
To: Sub-Driver
But Gullotto said there's no reason a virus writer couldn't stuff the entire virus code into the JPG, making the picture file a virus itself.
That sounds bogus to me - the virus code is only harmful if it is executed, and programs that open jpegs for display do not execute the contents of these files.
There might be more to this story, but I suspect somebody has been misinformed.
6 posted on 06/13/2002 10:18:28 AM PDT by MikeJ
To: Sub-Driver
McAfee researchers are the probable creators! Tryin' to drum-up more business. Had them once...updates were impossible...Now Norton AV opens all my e-mails and auto-updates CONSTANTLY.
(I do NOT work for Symantec.)
7 posted on 06/13/2002 10:28:05 AM PDT by CaptSkip
To: Paul Atreides
Actually, a lot of virus writers do what they do simply to show the world how pathetic security is. Especially when it comes to the Microsoft world of computing products. I wouldn't be surprised tho if a lot of employees at McAfee and Network Solutions write viruses in their off time for job security purposes. :)
This picture thing is not a virus. The extractor is a trojan. Specifically designed to input some extra junk into an image file. I don't think it's possible to put malicious code into the image itself since most images are standard formats and you would have to put something into the image that caused the image reader/viewer to do something messed up like write to the hard drive or execute programs.
8 posted on 06/13/2002 10:31:01 AM PDT by Orblivion
To: Sub-Driver
Oops... also, Norton AV has caught two or three virus/worms trying to get into my computer via E-mail that were NOT attachments. They were embedded in the e-mail.
Is VIRI the plural of virus as campi is for campus????
10 posted on 06/13/2002 10:34:37 AM PDT by CaptSkip
To: Paul Atreides
Malicious hacking is the modern day equivalent of lighting a bag of dog poop on fire, ringing the bell and running away. Unfortunately a lot of times the bag catches the house on fire before anyone answers the door.
To: ahariail
The virus is the extractor program. The fact that this program gets information on what nasty things to do from specially encoded jpg files is not the same thing as saying that jpegs are, by themselves, capable of carrying viruses.
Worth repeating.
To: Sub-Driver
In its current form, an infected JPG file sent to a friend or placed on a Web site isn't dangerous without the extractor file. But Gullotto said there's no reason a virus writer couldn't stuff the entire virus code into the JPG, making the picture file a virus itself.
If someone could stuff the extractor executable into the JPG, there would be no need to have an extractor executable. They would just stuff the VIRUS executable in the JPG.
13 posted on 06/13/2002 11:03:13 AM PDT by weegee
To: CaptSkip
It's possible that they were javascripts. You may try to disable HTML display for email.
The more "tricks" friendly senders needlessly use, the more opportunities hackers get to screw with your computer.
Text I understand. Attachments I understand. If the font and layout mean that much to you, send the file as a DOC. Want popups from opening an email? I'd be willing to bet that your recipient doesn't.
14 posted on 06/13/2002 11:07:46 AM PDT by weegee
To: Paul Atreides
That's not true, hackers/virus coders are nothing but lonely teenagers with no friends who cause mischief on the internet because they have nothing better to do. They need help.
To: weegee
I think a much bigger problem than viruses are trojan horses. I had my entire hard drive deleted that way about 2 years ago. It took me many hours to re-install all my software. Now I have a firewall.
To: weegee
Hey weegee, (and others that know),
Why do I get a prompt from Netscape, when sending e-mail, if I want to send it text, HTML, or both? And what is your advice?
17 posted on 06/13/2002 11:42:06 AM PDT by CaptSkip
To: weegee
It doesn't work that way. Image data is never executed by the processor.
18 posted on 06/13/2002 12:22:27 PM PDT by dinodino
To: ahariail
Yup, you're correct... the problem is with the executable, not the jpg.
It is a simple matter to write a program that can use jpgs to transfer data into a user's PC. You can easily add data to many types of file though... not just images.
You can add data to exe and dll files easily by stuffing it into data 'caves' that the compilers created... this won't change the file's length but it WILL change its checksum.
You can defeat a firewall by having an executable running on the target machine. The firewall will detect any attempt by the exe to communicate using the net, BUT if the exe simply sends a request to the default web browser to fetch a web page, the browser will do so (shellexecute) because the browser generally has the user's permission to access the net. If you tell the browser to fetch a url that is on the hacker's server, his server will have access to anything that the exe has added to the url, i.e. http://www.mysite.com/this is added data that could contain your pgp passphrase/. The server will get the added text and thus the hacker has defeated your firewall.
The hacker's server can then send a modified jpg back to your browser that contains data that the exe will then use to further compromise your system... or place a file on your HD :-(
All of this is incredibly simple to do :-(
19 posted on 06/13/2002 12:58:43 PM PDT by Bobalu
To: Bobalu
In addition to helping sneak through firewalls, another advantage that this technique has to the virus author is that it gives him some additional cover.
If he wishes to program his "zombie" computers to, say, attack microsoft.com next Tuesday, he doesn't have to do anything to contact them, and risk being traced.
All he has to do is put some encoded pictures into various news groups, perhaps using stolen AOL accounts, etc.
Porn sites asking you to download special "viewer" programs are fairly common. Anybody dumb enough to run one of these from a web site in Romania, probably deserves what he gets.
20 posted on 06/13/2002 1:35:51 PM PDT by ahariail