
virus in JPEG???


Name: thrasher
Date: June 13, 2002 at 06:36:39 Pacific
Comment:

Hmmmm OK, correct me if I'm wrong... but as far as I know you can't get/send a virus through images... that includes jpeg, gif, etc. Only executable files like .exe, .scr, etc. No!!?? Someone was just saying to me that you can, but I think that's a load of bulls--- (with capitals)!!!




Response Number 1
Name: Sanjaya Sugiarto (by Sanjaya)
Date: June 13, 2002 at 07:38:11 Pacific
Reply:


You are absolutely correct. As long as its extension is .jpeg, .gif, .mov, .mp3, .mpeg, etc. (multimedia files, non-executable files, and only ONE extension (not .jpeg.vbs ----> not JPEG but VB Script files)), then IT IS 100% SAFE.



Response Number 2
Name: Tank863
Date: June 13, 2002 at 07:49:36 Pacific
Reply:

However,

you can use a steganography program and encode a virus inside a picture of any extension. Jpeg, jpg, bmp, etc...

Steganography is the method of hiding information inside of another medium. This can be inside of pictures, or sounds, or even hidden in the background noise of a radio signal. Hiding information in this manner has some very great advantages. If in times of war the enemy receives an encrypted message, it is already a given that the message contains information that is secret, so the cryptographers, or code breakers, can immediately go to work trying to break the code. If the message is hidden inside of a picture, however, it is not seen as a secret message and can therefore get to its intended recipient without interception. The same is true in a present-day business setting. You may want to send some sensitive information over the Internet concerning next year's product line, and your company has already had some problems with industrial spies intercepting confidential information. If the sensitive information is hidden in a picture or .wav file, it is likely that it will go by unnoticed by a corporate spy sitting somewhere with a packet sniffer. Here is one more example on a more personal note. Let's say that you want to send a secret e-mail to your best friend about his wife's upcoming surprise birthday party. You encode it using PGP and send it on its way. Well, your best friend and his wife share one Internet account, so she sees all of the e-mail that comes in and is immediately suspicious of an encrypted e-mail. Since she is suspicious, she is likely to badger her poor husband until he finally gives in and spoils the surprise. As you can see, there are many, many reasons why someone would want to hide a message inside another wrapper.

Just remember the golden rule: if you didn't ask for it, and you received it, don't open it.

Tank863



Response Number 3
Name: Sanjaya Sugiarto (by Sanjaya)
Date: June 13, 2002 at 07:57:13 Pacific
Reply:


You're right, Tank. But such a steganography or cryptography app needs a password to open it (in order to build unreadable code, it needs some pwds to mask itself, at a strength of, for example, 128 bits).
One of them is Camouflage.



Response Number 4
Name: Danny Larouche
Date: June 13, 2002 at 10:18:30 Pacific
Reply:

Browsers and viewers cannot deal with steganography anyway, so there is no reason to care about a possible virus that could replicate that way.

However, MP3 files may contain HTML directives that point to a compromised or doubtful website, so it's recommended to disable the "web" option in Winamp.




Response Number 5
Name: Jennifer
Date: June 13, 2002 at 16:47:28 Pacific
Reply:

This question was addressed some time ago.

You absolutely can get a virus from what you believe to be a jpg (or any graphic file) regardless of what the extension APPEARS to indicate.

I have a program that will turn an executable into whatever I want it to appear to be. This was a freeware program, and I'm sure it's still available for download.

All that needs to happen to run the code is double-click on the file. NO password is needed.






Response Number 6
Name: WhitPhil
Date: June 13, 2002 at 18:26:29 Pacific
Reply:

But if you turn an EXE file into a JPG file, when I double click on it, it will open with my JPG viewer, IRFanView, which will probably generate an error since it is not a JPG file.



Response Number 7
Name: ww
Date: June 13, 2002 at 20:17:19 Pacific
Reply:

You still have to run an .exe attachment; then it infects all .jpg files that are viewed. It doesn't matter what you use to view them with; double-clicking them activates the virus path of infection. Perrun is the name of the virus; see the msnbc.com story on Perrun.

It is included in the June 13 definitions from Norton, or the 6/19 Live Update definitions.
http://www.sarc.com/avcenter/venc/data/w32.perrun.html



Response Number 8
Name: Jennifer
Date: June 14, 2002 at 04:12:33 Pacific
Reply:

WhitPhil, you're exactly right. Your machine will think the file is a graphic file, thus opening your graphics viewer when you open the file.

It will generate an error in that program because the file is actually an executable, and NOT a graphic file. :)

So, opening the file will do two things: run the code behind the executable, AND open your default graphics program.



Response Number 9
Name: WhitPhil
Date: June 14, 2002 at 06:00:11 Pacific
Reply:

Jennifer:
Sorry to differ, but...
If the only thing that you have on your PC is an infected JPG, double-clicking on it will NOT execute the viral code.

In order for that to happen, you also need to have downloaded and run the original virus, which attaches itself into the registry on the JPG key.
THEN, when you double-click on the JPG, your viewer will run AND the other program runs (the extractor), which will then read and "supposedly" execute the viral code.

An infected JPG only will do nothing but cause your viewer to generate an error message.



Response Number 10
Name: Danny Larouche
Date: June 14, 2002 at 09:56:24 Pacific
Reply:

Just to give some details concerning the Perrun virus. Effectively, this virus is hidden in a JPG file...

However, it will work ONLY if you already have the doubtful JPEG viewer named EXTRK.exe. This viewer acts as a virus launcher because it will make the difference between a real JPG and an executable document.

To be clear, if someone suggests using this "great" viewer... you will know what it is! Otherwise, as WhitPhil said, the viewer will either generate an error (invalid JPEG format) or simply ignore extra code embedded in the JPG file.


0
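The three cases argued over in the replies above (a `.jpeg.vbs` double extension, an executable renamed to `.jpg`, and extra code appended to a real JPG) can each be told apart from the file name and bytes alone. The following is an added example, not code from any poster in this thread; the function names, finding labels and sample bytes are constructed for illustration.

```python
IMAGE_EXTS = {"jpg", "jpeg", "gif", "bmp"}
EXEC_EXTS = {"exe", "scr", "vbs", "com", "bat", "pif"}
NO_LENGTH = {0x01, *range(0xD0, 0xD9)}  # TEM, RST0-7, SOI carry no length field
IN_SCAN = {0x00, *range(0xD0, 0xD8)}    # stuffed zero / restart markers inside scan data

def jpeg_end(data):
    """Walk the JPEG marker segments; return the offset just past EOI, or None."""
    if not data.startswith(b"\xff\xd8"):
        return None
    i = 2
    while i + 1 < len(data):
        if data[i] != 0xFF:
            return None                  # expected a marker here: structure is broken
        marker = data[i + 1]
        if marker == 0xFF:               # fill byte in front of a marker
            i += 1
        elif marker == 0xD9:             # EOI: the image ends here
            return i + 2
        elif marker in NO_LENGTH:
            i += 2
        else:
            seg_len = int.from_bytes(data[i + 2:i + 4], "big")
            if seg_len < 2:              # also catches truncation at the length field
                return None
            i += 2 + seg_len
            if marker == 0xDA:           # SOS: skip the entropy-coded scan data
                while i + 1 < len(data) and not (data[i] == 0xFF and data[i + 1] not in IN_SCAN):
                    i += 1
    return None                          # ran off the end without seeing EOI

def inspect(name, data):  # returns a list of finding labels for one file
    findings = []
    parts = name.lower().rsplit(".", 2)
    ext = parts[-1] if len(parts) > 1 else ""
    if len(parts) == 3 and ext in EXEC_EXTS and parts[1] in IMAGE_EXTS:
        findings.append("double-extension")
    if ext in ("jpg", "jpeg"):
        end = jpeg_end(data)
        if data[:2] == b"MZ":            # DOS/Windows executable header
            findings.append("executable-header")
        elif end is None:
            findings.append("not-a-valid-jpeg")
        elif end < len(data):
            findings.append(f"trailing-data:{len(data) - end}")
    return findings

# Constructed sample: a structural JPEG skeleton (SOI, APP0, SOS, scan, EOI), not a real picture.
SAMPLE = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(9)
          + b"\xff\xda\x00\x08" + bytes(6) + b"\x12\xff\x00\x34\xff\xd9")
```

The segment walk is used instead of searching for the last `FF D9` because appended bytes can themselves contain that pair, which would hide the trailing data.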

Response Number 11
Name: thekid
Date: June 14, 2002 at 10:02:28 Pacific
Reply:

Have a look;

http://zdnet.com.com/2100-1105-935766.html

...and Norton has definitions out to handle it, though it won't make it into a live update download until next Wednesday, 19 June. You can, however, use the Intelligent Update method and get that protection today...

http://securityresponse.symantec.com/avcenter/defs.download.html



Response Number 12
Name: Rich
Date: June 15, 2002 at 13:53:44 Pacific
Reply:

http://features.slashdot.org/features/02/06/14/1343223.shtml?tid=166



Response Number 13
Name: Danny Larouche
Date: June 16, 2002 at 13:27:47 Pacific
Reply:

Please post a short resume of the interesting article with your comments instead of posting URLs!! It will be more helpful.



Response Number 14
Name: Rich
Date: June 17, 2002 at 05:16:55 Pacific
Reply:

Sorry Danny,

The sleaze has gotten out of hand; it's time to roast a group of 20 or so companies whose profits are directly linked to creating fear in their customers, who have to keep discovering new sources of fear to improve their bottom line - or in the absence of new discoveries, keep inventing new sources of fear. Yes, it's time to take on the anti-virus software vendors.

The latest "news" to come out of the AV industry is New Virus Infects Picture Files. McAfee put up their description and made sure to issue a wide-spread press release to stir up some interest. McAfee's spokesdrone fans the flames:

"Potentially no file type could be safe."

That evolution should make computer users think twice about sending pictures or any other media over the Internet, Gullotto said.

"Going forward, we may have to rethink about distributing JPGs."
Now, if you know much about computing, you may be a little suspicious of this. JPEGs are compressed image files that only contain data representing an image to be displayed, not code to be executed. A modification of that data might screw up the picture of your cat dangling from the edge of the kitchen table you like so much, but it won't turn the image into a potential virus transmitter, because the programs that display JPEGs don't read them with an eye toward executing the code. An image file is just data to be displayed. The line between "data" and "code" is a little bit fuzzy - often particular characters or a particular file can be both data and code, depending on the context of how other code handles it. Or a particular file can include both data and code separately, like a Microsoft Word file that includes data (your text) and code (some macro designed to be executed by Word when the document is opened).

But for JPEGs there's a well-designed standard, and it doesn't include executing code of any sort. If a JPEG-handling program doesn't like the data it sees, it should just stop trying to display the image, not decide to start executing code from the image. JPEGs are mostly harmless.

McAfee's claim of a virus spread through JPEGs requires one essential element: you have to have already been infected by ANOTHER virus transmitted by some actual executable code. What it comes down to is:

Once you're infected with a virus, the virus can set you up to be infected by other viruses.

No s---, Sherlock. Once you have enemy code running on your system, you're toast. A virus could alter Microsoft Word so that opening any Word document at all would erase every file on your hard drive, making every single Word document in existence a deadly threat -- to you, and to you alone. But this isn't a new virus threat of any sort. It isn't a breakthrough. It's a consequence of being infected, not a new method of being infected.

Two weeks ago, we ran a story about a cross-platform virus. Like this one, it didn't really exist in the wild. Like this one, it was mainly a PR ploy (by Symantec, in that case). But we thought it had at least some minimal technical interest as a bit of code that would run under Windows or Linux.

McAfee and Symantec (and all the other AV vendors out there) are waging a PR war to "discover" ever more news-worthy viruses to defend against. To get maximum coverage, your new virus needs to do something unique or different -- make your computer turn green, or infect something previously uninfectable, or whatever it might be. Compare this to Klez, a very basic virus similar in most ways to viruses that have gone before, which is still out there looting and pillaging tens of thousands of computers every day, but isn't ideal for AV vendors because they don't have a monopoly on the cure.

The press is catching on, to some tiny extent at least, that most virus alerts are fictitious and just designed to drum up business for the vendors. But it's far easier to repurpose a vendor's press release and call it a story than to dig into real threats that exist on the Internet, and the causes of those threats. Today, like last year and the year before and five years ago, there are major email-borne virus threats out there. (There are still old-school viruses out there too, transmitted by sneaker-net or by downloading suspicious software, but email is clearly the way to go for the discriminating virus creator.) All the real email virus threats share a few distinguishing characteristics:

They only affect Microsoft Windows. If you aren't running Windows, you are safe.
They're usually transmitted by email. If you know enough on your own, or you've had a half-hour class in "Email 101", you should be able to avoid executing random files received by email.
They auto-execute in Microsoft Outlook or Outlook Express. Microsoft has finally made some progress, after many years, in reducing the vulnerability of their flagship email programs. So if you have a recent or fully-updated version of these programs, you may not be as vulnerable as people running older versions. Nevertheless, this was (and still is, since so many people don't have recent or fully-updated versions) a primary vector.
And that's really it. If you don't run Windows, you're safe. If you have basic email skills, you're safe. If you don't run Outlook, you're safe. That's the story of modern viruses, and fortunately or un-, it's a pretty boring one.

McAfee, and Symantec, and everyone else involved in the anti-virus FUD business: lay off. I mean that literally, as in, "Lay off the people you employ for the purpose of drumming up new virus threats." Lay off the public relations people you employ to say things like, "We may have to rethink about distributing JPGs." Lay off the BS. There's a real market for your product, people who (for whatever reason) are using Windows and/or Outlook, and haven't received the half-hour training course necessary to avoid viruses. You can market to them based on your fast responses to real virus threats - you don't need to manufacture any more.


