-
Folks--
Okay, some little bastard has created a new virus that infects JPEG files with an executable that then destroys all the JPEGS on your system by writing into the Registry. This is a Windows thing; Mac users haven't been treated yet to this wonderful display of compassion and humanity.
Get the fix, read this article, and be wary of scamming JPEG files from the net for a while. Even viewing one can infect your system.
---Gary
JPEG worm breaks new ground
By Robert Lemos
Special to ZDNet News
June 13, 2002, 11:50 AM PT
Antivirus companies warned on Thursday of a new virus that communicates through digital images, but security experts aren't sure how much of a threat this latest evolutionary branch of malicious code poses. Dubbed the first "JPEG infector" by security company Network Associates, the W32/Perrun virus has two parts: infected JPEG images that contain the virus's payload and a viral program that extracts the code from the images and infects other JPEGs on the system as they are opened. Because PCs have to be infected by the extractor virus before any code hidden in image files can affect them, the program is more a computer-science curiosity than a threat, said Vincent Gullotto, vice president of Network Associates' antivirus emergency response team.
"We are not saying that this is a problem," Gullotto said. "We gave it a low risk, but we haven't seen anything like this before." A digital image carrying code for W32/Perrun is easy to spot, he said, because the image is corrupted by the new code.
PC users should note that they can't be infected by opening a JPEG image. Rather, a virus on an infected computer copies code into a digital image and waits for the JPEG to get passed along to other infected systems. The virus on those systems will read the code fragment in the JPEG image and follow the instructions. Users who haven't been infected by the extractor virus can open an infected digital image and nothing will happen.
The extractor file only infects computers running Microsoft Windows and doesn't include a mass-mailing component. And, in fact, the virus has not been released on the Internet, but has been sent only to major antivirus companies by the creator of the code.
However, the code has opened up a debate among antivirus researchers as to whether viruses with multiple parts could represent a new threat to PC users. With some rather simple improvements, the virus could pose a threat, Gullotto said. One obvious modification, which has already been discussed among the virus community, is using steganography--a technique to hide data in pictures--to allow such programs to embed code in images without corrupting the picture.
An upgradable virus is not a new event in the virus world. Hybris, a worm that slowly infected a large number of computers on the Internet last year, could be upgraded with encrypted plug-ins that were posted to Usenet, security experts have said.
Researchers have long worried about the evolving technology in viruses, and the latest critter to climb out of the Internet shows that the arms race with virus writers hasn't slowed. But for Gullotto, the real lesson is one of foresight. "People should start becoming more leery of JPEG files," he said. "If there is a chance that we can get ahead of the virus curve in educating the users, we should."
http://zdnet.com.com/2100-1105-935766.html
Gary David Bouton
Gary@GaryDavidBouton.com
Free education! The Writings Web site
and the updated GaryWorld Gallery is pretty okay, too.
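The article quoted above says an image carrying the W32/Perrun code is easy to spot because the added code corrupts it. The sketch below is an added example, not part of the thread or the article, showing one way a defender can make that check mechanical: walk the JPEG marker structure and report bytes that do not belong. The thread does not say where in the file the code sits, so the check flags anything outside the marker structure; `check_jpeg` and the sample bytes are constructed for illustration.

```python
import struct

def check_jpeg(data: bytes):
    """Walk the JPEG marker structure and return (verdict, byte offset)."""
    if data[:2] != b"\xff\xd8":                      # every JPEG starts with SOI
        return ("not-jpeg", 0)
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:                        # a marker must start with 0xFF
            return ("corrupt", pos)
        while pos < len(data) and data[pos] == 0xFF:
            pos += 1                                 # skip optional fill bytes
        if pos >= len(data):
            break
        marker, pos = data[pos], pos + 1
        if marker == 0xD9:                           # EOI: nothing may follow it
            return ("trailing-data", pos) if pos < len(data) else ("ok", pos)
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            continue                                 # standalone markers, no length
        if marker in (0x00, 0xD8) or pos + 2 > len(data):
            return ("corrupt", pos)                  # invalid code or no room for a length
        (seglen,) = struct.unpack(">H", data[pos:pos + 2])
        if seglen < 2 or pos + seglen > len(data):   # length field counts itself
            return ("corrupt", pos)
        pos += seglen
        if marker == 0xDA:                           # SOS: entropy-coded data follows
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break                            # a real marker ends the scan
                pos += 1
            else:
                return ("truncated", len(data))      # scan data ran out, no EOI
    return ("truncated", len(data))

# Constructed sample: a structurally valid marker stream, not a viewable picture.
CLEAN = (b"\xff\xd8" + b"\xff\xe0\x00\x04AB" + b"\xff\xda\x00\x04\x01\x02"
         + b"\x12\xff\x00\x34\xff\xd3\x56" + b"\xff\xd9")
APPENDED = CLEAN + b"constructed foreign bytes"      # data glued on after EOI
OVERWRITTEN = CLEAN[:8] + b"\x00\x00" + CLEAN[10:]   # marker bytes clobbered

if __name__ == "__main__":
    for name, blob in [("clean", CLEAN), ("appended", APPENDED),
                       ("overwritten", OVERWRITTEN), ("cut short", CLEAN[:-2])]:
        print(f"{name:12s} {check_jpeg(blob)}")
```

A hit means the file deserves a closer look, not that it is infected, since some benign software also leaves data after the end-of-image marker. A structural check like this cannot see the steganographic variant the article mentions, which would leave the marker structure intact.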
-
This just shows that people are hell bent on making other people's lives miserable (sp?)
Good to hear from you Gary, I was going to post a "Have you heard from Gary" post after this weekend.
--Randy R
-
What next??!!
http://talkgraphics.infopop.net/1/Op...&ul=3121905805
-
there's another report on this at the Reg site, you can all view it here...
http://www.theregister.co.uk/content/56/25718.html
...it doesn't sound quite so bad on this report, but it does show that virus writers are starting to look at other options for their "vehicles" of destruction and that can never be good for the rest of us.
d-sine.
:: d-sine :: www.d-sine.org
-
Thanks Gary. This was interesting... though, I must say it seems like a rather pointless virus. I think their intent was to scare people into believing that a JPG could be a virus - when in fact, a JPG is NOT an executable, and thus poses NO threat. JPG images, and all images, are as safe as they always were. The only way these 'infected' JPGs cause any harm is if you are ALREADY infected with the virus. In which case the JPG isn't the problem.
Which, again, makes the JPG rather pointless...it's like taking a virus, splitting it into two, and then making people think one half (embedded in JPGs) is harmful. That half can't do anything. It's the other half, the half that finds its JPG counterpart, that does the damage. Which again, brings up the question, why not just put the full-fledged virus in the first half? I mean, in order for the virus to work, they need to infect your PC with executable code. Why wouldn't they simply do all the damage then? That's when they have the chance, that's when they're executing code. Instead, they wait upon the chance that you might download extra code (embedded in the JPG files).
It's almost like a modular virus! Hey kiddies! Install me! I won't do any harm...unless you download some plugins (aka JPGs) and make me more powerful!
It's almost a joke really...
-
Ya, there's something dodgy there, Earl, almost like someone is wanting to bring the possibility to our attention without causing mayhem. But I pity anyone who has jpgs with the code that end up partying with anyone with the other bit.
Mandatory castration with rusty scissors for anyone who makes a virus, I say..... oh ya, no anesthetic {sp}
Stu.
-
it's a "maybe" problem, or a nonproblem at present...but what might evolve from there??? I hope it's never a problem, as Earl says, but someone always seems to be trying to cook something up...
oh yeah, and don't mess with Stu!!!!!!
---As The Crow Flies!---
Maya
-
Originally posted by Earl Wilson IV:
"Thanks Gary. This was interesting... though, I must say it seems like a rather pointless virus. I think their intent was to scare people into believing that a JPG could be a virus - when in fact, a JPG is NOT an executable, and thus poses NO threat. JPG images, and all images, are as safe as they always were. The only way these 'infected' JPGs cause any harm is if you are ALREADY infected with the virus. In which case the JPG isn't the problem."
I agree with Earl here. The fact that the virus stores its payload in JPG files is just showmanship and fearmongering. As always, it's the virus itself that does the dirty work. This virus is actually less dangerous than one that deletes JPGs--at least it's possible here to clean the altered pics and recover.
Doug Frost
-
Here's an update article about the virus:
PC Magazine Article
Thanks, again, Gary, for bringing this up.