There is no virus hiding in web pictures, and any technical writer who says there is, isn't worth listening to.
> There is no virus hiding in web pictures,
> and any technical writer who says there is,
> isn't worth listening to.
Here's authoritative site isc.incidents.org:
"No warning will be displayed. The user does
not have to click on any links. Just visiting
an infected site will trigger the exploit."
Now I haven't seen a full technical description
of the base exploit, but I wouldn't necessarily
rule out an image-based hack.
Suppose the run-length or dictionary-size encoding
in an image file doesn't match the actual data
provided. Has MSIE been checked against all
possible malformed variants of all supported
graphics file types?
Microsoft appears to be using Russian mobsters
to check their code for vulnerabilities. There
has to be a way of performing QA that isn't so
hard on the internet and MS customers :-)