Friday, June 14, 2002
First JPEG Virus Identified
Posted by Jason Dunn in "OFF-TOPIC" @ 09:00 AM
http://www.pcworld.com/news/article/0,aid,101910,00.asp
I was hoping this day would never come - someone has found a way to use JPEGs as part of a virus. Who are the idiots that write these things? Thankfully, at this stage you need to have an exe file with the virus on your machine as well in order for the virus to spread. Still, this doesn't bode well for the future of graphics on the web - I don't run an antivirus program because I've yet to find one that doesn't slow my system down, but if one day I have to scan every graphic that is downloaded...?
"A new virus can--for the first time--infect image files, says an antivirus vendor. This means the virus could spread through Web site graphics and force antivirus companies to re-engineer their products, McAfee officials say. The virus is not yet in the wild, meaning it is not spreading on the Internet; it was sent by its author to antivirus vendor McAfee Security, a division of Network Associates. McAfee calls the virus W32/Perrun, says Vincent Gullotto, senior director for the McAfee Anti-Virus Emergency Response Team, which received the virus Thursday morning.
The virus is built to spread first as an executable, or .exe, file and then in JPEG image files, Gullotto says. Were it to spread in the wild, W32/Perrun would appear as an executable that would infect JPEGs when it was run, he says. The executable can be transmitted in standard ways, such as by download and via e-mail. The first JPEG viewed after the executable is run will have the virus code appended to it, Gullotto says. The virus will then seek out other JPEG files in the same directory and try to infect them, he says. W32/Perrun is the first virus to infect JPEGs, according to McAfee."
UPDATE: Looks like this thing is likely a clever marketing hoax. I wondered about that, since JPEGs aren't excuted but read, but I certainly don't know everything (perhaps someone could alter Internet Explorer to read and execute EXIF JPEG data as an application...?)
I was hoping this day would never come - someone has found a way to use JPEGs as part of a virus. Who are the idiots that write these things? Thankfully, at this stage you need to have an exe file with the virus on your machine as well in order for the virus to spread. Still, this doesn't bode well for the future of graphics on the web - I don't run an antivirus program because I've yet to find one that doesn't slow my system down, but if one day I have to scan every graphic that is downloaded...?
"A new virus can--for the first time--infect image files, says an antivirus vendor. This means the virus could spread through Web site graphics and force antivirus companies to re-engineer their products, McAfee officials say. The virus is not yet in the wild, meaning it is not spreading on the Internet; it was sent by its author to antivirus vendor McAfee Security, a division of Network Associates. McAfee calls the virus W32/Perrun, says Vincent Gullotto, senior director for the McAfee Anti-Virus Emergency Response Team, which received the virus Thursday morning.
The virus is built to spread first as an executable, or .exe, file and then in JPEG image files, Gullotto says. Were it to spread in the wild, W32/Perrun would appear as an executable that would infect JPEGs when it was run, he says. The executable can be transmitted in standard ways, such as by download and via e-mail. The first JPEG viewed after the executable is run will have the virus code appended to it, Gullotto says. The virus will then seek out other JPEG files in the same directory and try to infect them, he says. W32/Perrun is the first virus to infect JPEGs, according to McAfee."
UPDATE: Looks like this thing is likely a clever marketing hoax. I wondered about that, since JPEGs aren't excuted but read, but I certainly don't know everything (perhaps someone could alter Internet Explorer to read and execute EXIF JPEG data as an application...?)
