"Of course, the best way to effectively do it would be to somehow alter the main HTML files of major web sites (Yahoo, eBay, CNN, etc) to contain ActiveX or Java controls to run an off-server ASP file to somehow modify hard-coded instruction sets in the browser or offline image viewers, and then attach malicious code to JPEGs here and there.. which would most likely be a detected intrusion and stopped first of all, or if it's not, it would be noticed by a lot of people who have their security levels in IE set to anything other than 'everything allowed' (which is most people). So it just wouldn't catch on." Using JPEGs in this situation would be kinda pointless no? If you can somehow modify the hard -coded instruction sets in the browser or offline image viewers, wouldnt that be a virus itself??:) If you could do this, you could make the image viewer delete any pictures opened, etc. A lot of people have been confused because most viruses come with names like this "justanimage.jpg.exe". If you EVER see a double extention, don't open it.