
Renderosity Forums / Photography






Subject: Virus can infect jpegs!!!


Misha883 ( ) posted Thu, 13 June 2002 at 10:32 PM · edited Thu, 28 November 2024 at 1:29 AM

Attached Link: http://www.cnn.com/2002/TECH/internet/06/13/picture.virus.ap/index.html

I just pulled this link off of CNN. It has pretty far-reaching implications for the entire Internet. I could imagine that sites such as Renderosity may in the future need to implement some pretty significant virus scanning. There are not a lot of technical details given in the article. I would imagine (in time) normal Internet page graphics could be protected within the Browser. This would just leave other vectors vulnerable; like e-mail attachments or custom software for FTP'ing photos. Not much we can really do now, except any graphic we "Save picture as..." should likely go to a quarantine folder for virus scanning. http://www.cnn.com/2002/TECH/internet/06/13/picture.virus.ap/index.html


DarkPenumbra ( ) posted Thu, 13 June 2002 at 11:37 PM

"But Gullotto said there's no reason a virus writer couldn't make the picture itself able to infect other computers." That's just silly. Pictures aren't executable files, don't carry any code, don't have any instructions. They're just data sets that are fed through a JPEG/GIF/whatever interpreter. One way you could make a JPEG file contaminate anything else (and pretty much the only way) would be to modify the JPEG-reading instructions in an application to read a modified header, for example, that would carry virus-like code. Which would be quite a lot of trouble. Now, this virus is an actual executable program that looks for JPEG files - which is an entirely different situation. It's just like any virus out there in that you have to run it first. And server admins don't usually (unless someone's not very concerned about viruses) run executable files they receive by email. It's another virus alert blown out of proportion (I'm aiming this at CNN, not you, Misha) - just use common sense: don't open any attachments you don't expect, scan any files you download from peer-to-peer networks, etc etc, and your risks of infection are extremely low. I've never owned a virus scanner and only used one once, when I couldn't pinpoint a problem I was having (turned out to be one of my own programs that was the culprit.. heh) and I've never been infected in the 15+ years that I've used computers. My brother even had a rather huge virus collection at one time (easily over a thousand, including some scary ones from the old DOS days) sitting on floppies.. that was interesting. :) =DarkPen=


Slynky ( ) posted Fri, 14 June 2002 at 9:32 AM

Who knows, someday someone will prolly be able to reverse engineer jpg files, and make them carry malicious code... hey misha, where'd you find the link from? Personally, I saw it yesterday from a "Security" site, lol. ry


DarkPenumbra ( ) posted Fri, 14 June 2002 at 10:41 AM

Why would you want to reverse engineer them? The whole file format's specifications are available so that anyone may be able to program an image viewer. Even the source code is available (though that costs money). I have both at work, and looking at the main JPEG document, there's nothing in it that could be used to run malicious code.

JPEG File Interchange Format features:
o Uses JPEG compression
o Uses JPEG interchange format compressed image representation
o PC or Mac or Unix workstation compatible
o Standard color space: one or three components. For three components, YCbCr (CCIR 601-256 levels)
o APP0 marker used to specify Units, X pixel density, Y pixel density, thumbnail
o APP0 marker also used to specify JFIF extensions
o APP0 marker also used to specify application-specific information

If you're worried about that last one: "Application-specific APP0 marker segments are identified by a zero terminated string which identifies the applications (not 'JFIF' or 'JFXX'). This string should be an organization name or company trademark. Generic strings such as dog, cat, tree, etc. should not be used."

I tell you, it's just not possible, unless you make bogus JPEG files that contain malicious code (which, when opened would appear corrupted) and a viewer program to go along with it that will recognize the instructions and run them (and if you use Photoshop, ACDSee, Paint Shop Pro, etc, it's just not possible as the JPEG instruction set is hard coded). That's the thing with virii (viruses? my French's coming through.. heh), they have to be run. Of course, you can fool anyone into running a virus (naked pics of Anna Kournikova [sp?] seemed to do the trick once), and Outlook Express/Outlook can be configured to run ASP files which could infect you depending on your Internet Explorer settings, but it all comes down to being careful. =DarkPen=
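Added example, not part of the original thread or any poster's code: a Python walker over the marker segments of a JPEG/JFIF byte string, following the APP0 notes quoted above, that reports application-specific APP0 identifiers and any bytes left after the end-of-image marker. The `ExampleCo` identifier and both sample byte strings are constructed for illustration.

```python
# Bytes that may follow 0xFF inside entropy-coded scan data without
# starting a new segment: stuffing (00), fill (FF), restart markers (D0-D7).
IN_SCAN = {0x00, 0xFF} | set(range(0xD0, 0xD8))

def walk_jpeg(data):
    """Return (segments, trailing); segments are (name, identifier, payload_len)."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    segments, pos = [], 2
    while True:
        if pos + 2 > len(data) or data[pos] != 0xFF:
            raise ValueError(f"no marker at offset {pos} (truncated or corrupt)")
        marker = data[pos + 1]
        if marker == 0xD9:                       # EOI: a viewer stops decoding here
            return segments, data[pos + 2:]
        length = int.from_bytes(data[pos + 2:pos + 4], "big")  # includes its own 2 bytes
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        payload = data[pos + 4:pos + 2 + length]
        is_app = 0xE0 <= marker <= 0xEF
        name = f"APP{marker - 0xE0}" if is_app else f"0x{marker:02X}"
        # APPn payloads start with a zero-terminated identifier string.
        ident = payload.split(b"\x00", 1)[0].decode("ascii", "replace") if is_app else None
        segments.append((name, ident, len(payload)))
        pos += 2 + length
        if marker == 0xDA:                       # SOS: skip the compressed scan data
            while pos + 1 < len(data) and not (
                    data[pos] == 0xFF and data[pos + 1] not in IN_SCAN):
                pos += 1

def findings(data):
    """Report application-specific APP0 segments and bytes after the image ends."""
    segments, trailing = walk_jpeg(data)
    notes = [f"application-specific APP0 segment '{ident}' ({size} bytes)"
             for name, ident, size in segments
             if name == "APP0" and ident not in ("JFIF", "JFXX")]
    if trailing:
        notes.append(f"{len(trailing)} bytes after EOI")
    return notes

def seg(marker, payload):
    """Build one marker segment (constructed test data only)."""
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

# Constructed samples: segment skeletons, not decodable pictures.
CLEAN = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00\x01\x02\x00\x00\x01\x00\x01\x00\x00")
         + seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\xff\x00\x34\xff\xd0\x56\xff\xd9")
SAMPLE = (CLEAN[:20] + seg(0xE0, b"ExampleCo\x00" + b"A" * 8) + CLEAN[20:]
          + b"constructed trailing bytes")
```

Neither finding means the file can run anything: these are bytes an image viewer skips, and a separate program has to read and execute them.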


TaltosVT ( ) posted Fri, 14 June 2002 at 10:54 AM

Attached Link: http://vil.mcafee.com/dispVirus.asp?virus_k=99522

I just checked McAfee's website about this one. The virus itself infects JPGs, but it does have to use an extractor file to run the code. And according to McAfee (I love the way they word these...) the virus "has not been seen in the wild".


Slynky ( ) posted Fri, 14 June 2002 at 5:14 PM

well poo pooon you DP! I hate you forever and ever and ever and ever!!!! it was early in the day, my vocabulary stunk, and once again, I HATE YOU FOREVER AND EVER!!!!


DarkPenumbra ( ) posted Fri, 14 June 2002 at 5:49 PM

cackle Hey, gotta do my part after my long absence. :P You just stuck 'Poon-Tang Blues' in my head now, though.. grr. =DarkPen=


Slynky ( ) posted Fri, 14 June 2002 at 6:29 PM

poon-tang blues? Never heard of it, but sowwy anyways. you deserved it...


Misha883 ( ) posted Fri, 14 June 2002 at 7:36 PM

Attached Link: http://features.slashdot.org/features/02/06/14/1343223.shtml?tid=166

Nice hearing from you again, DarkPen. We've missed you. I must say, my reaction to the CNN article at first was exactly the same as yours; this is a DATA file, it does not carry executable code. The general thread at slashdot felt that it was all a marketing ploy by McAfee. However, several posters did raise viable scenarios: a) If there is a known defect in some browser/image viewer software, a jpeg could be exploited to trigger that defect, thereby perhaps opening a security hole. This sounds like very much a contrived scenario, but I guess it has happened in the past with defects like "buffer overflows." b) Other postings seemed to speculate on compression algorithms (future?) that are more procedural; carrying code instructions for recreating or displaying an image. I do not think these are really something to worry about today. Thank you very much, BTW, for putting the blame on CNN for spreading this rumor.


DarkPenumbra ( ) posted Sat, 15 June 2002 at 1:09 AM

Well, even option a) is a bit far-fetched, considering it's a hard-coded element of the browser/image viewer (unlike, say, an ActiveX control in IE, which is just in a way an application layer). There's always a way to use an exploit, of course, but then the best way to transmit that would be through an html file with javascript/java code that would contain a JPEG, but not through the JPEG itself. My point is, there's a way to do it of course, but it's so incredibly complex (well, not that much from my POV, but generally) that it just wouldn't be a good way to do it. People who write viruses either do it for a) the challenge, b) to get noticed, or c) because it's incredibly easy to do. 95% of the viruses out there are c), thanks to programs like Virus Lab (oh, the fun I had with that in high school). B) are mostly the ones that get around - like the Kournikova virus, or Melissa or 9/11 or whatnot. A)'s are the ones to 'look out' for, except those people don't usually spread their code, and even if they did, the complexity of transmitting a virus through JPEG files is too high to even be worth the effort. Of course, the best way to effectively do it would be to somehow alter the main HTML files of major web sites (Yahoo, eBay, CNN, etc) to contain ActiveX or Java controls to run an off-server ASP file to somehow modify hard-coded instruction sets in the browser or offline image viewers, and then attach malicious code to JPEGs here and there.. which would most likely be a detected intrusion and stopped first of all, or if it's not, it would be noticed by a lot of people who have their security levels in IE set to anything other than 'everything allowed' (which is most people). So it just wouldn't catch on. As for your b), well, those are still very early on. Altamira and others use them for their resizing software, and the source code to those things are usually very well protected. 
Until vector-based graphics really catch on on the web in 'true form' (as opposed to Flash-contained and equivalents, since they kinda fit in that category), I wouldn't worry about that. And hey, I don't just put the blame on CNN. McAfee, Symantec and others are just as guilty.. though on the other hand they're just looking after their own profit margin. I tend to respect anyone who can actually make a living, but that's probably because I live somewhere where I'm incredibly overtaxed. grin probably doesn't make much sense right now But that's ok, it's late and I'm tired and just catching up on tonight's posts before going to bed. Hopefully it made -some-. :P =DarkPen=


DarkPenumbra ( ) posted Sat, 15 June 2002 at 1:10 AM

Oh, and btw Slynky.. 'Poon-Tang Blues' is a song The Doors did on live shows occasionally. :) (not that I'm old enough to have seen them live, but they're my fave nonetheless) and thanks Misha. :) =DarkPen=


JordyArt ( ) posted Sat, 15 June 2002 at 8:42 AM

One of the strange things that ALWAYS hits me is these viruses which companies such as McAfee (Previously Dr Solomon too) "FIND" that haven't reached the public - as in the above "not been seen in the wild". If this is the case, then how did they get to know about the virus? I mean, if the viruses haven't been in the public domain (where they would spread rapidly as we all know) they've appeared in a private scenario - ie. must have been close to home for the virus killers yeah? as a personal opinion I've been suspicious of these companies from the start, I mean, if you make a product that kills greenfly, wouldn't a great way to get people to buy your product be to breed and release a load of greenfly?!? Not that I'm implying they would deliberately release a new virus just to sell virus killing software, because I'm sure they wouldn't. But it would be the ultimate in product placement wouldn't it? (",)


Lilgooser ( ) posted Sat, 15 June 2002 at 3:16 PM

"Of course, the best way to effectively do it would be to somehow alter the main HTML files of major web sites (Yahoo, eBay, CNN, etc) to contain ActiveX or Java controls to run an off-server ASP file to somehow modify hard-coded instruction sets in the browser or offline image viewers, and then attach malicious code to JPEGs here and there.. which would most likely be a detected intrusion and stopped first of all, or if it's not, it would be noticed by a lot of people who have their security levels in IE set to anything other than 'everything allowed' (which is most people). So it just wouldn't catch on." Using JPEGs in this situation would be kinda pointless no? If you can somehow modify the hard-coded instruction sets in the browser or offline image viewers, wouldn't that be a virus itself??:) If you could do this, you could make the image viewer delete any pictures opened, etc. A lot of people have been confused because most viruses come with names like this "justanimage.jpg.exe". If you EVER see a double extension, don't open it.


DarkPenumbra ( ) posted Sat, 15 June 2002 at 11:00 PM

"Using JPEGs in this situation would be kinda pointless no? If you can somehow modify the hard-coded instruction sets in the browser or offline image viewers, wouldn't that be a virus itself??:) If you could do this, you could make the image viewer delete any pictures opened, etc." Thank you for proving my point. grin Seriously though, that's part of my point.. if you can do this, why not do something incredibly easier that will spread your virus much more, y'know? The good part out of all this (from my opinion) is that people are starting to doubt the oh-almighty authoritaw from McAfee and others, which may break a little bit of the Palpatine hold they've got on customers. =DarkPen=

