Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pictures (JPEG, etc) and virus infections - Should I be wary?


  • Please log in to reply
6 replies to this topic

#1 Arstone112

Arstone112

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:04:18 AM

Posted 06 December 2010 - 08:10 PM

I've heard that it is possible for some viruses to infect images such as JPEG, BMP, PNG, you name it, that can possibly infect PC's.

If this is true, does it mean that it is bad practice to, for example, find a funny image on the internet and then Right Click > Save Image As....? Could this infect a PC with a harmful virus or keylogger or something similair? Just to what extent should I be worried by this kind of thing?

Thanks for your replies

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:18 AM

Posted 06 December 2010 - 10:23 PM

Attackers are resourceful creatures. A malicious executable containing viral code can be created and renamed .jpg so that it masquerades as a picture, but while in an image format the code cannot be easily executed and distributed. Attackers look for methods that offer a stealthy way to distribute malware to a wide range of Internet users and image files are not an effective way to accomplish that goal. While there have been proof-of-concept virus reports of such infections, they are rare and not widespread.


The security firm Network Associates (McAfee) in a 2002 report advised of a virus that infected JPEG files.

The W32/Perrun virus...extracts data from JPEG files and then injects picture files with infected digital images....it is the first viral program with multiple parts and the ability to carry viral code from programs into data files. Until now, data files were relatively immune to infection. Not so anymore, say experts.

First Reported JPEG Virus Found
McAfee: New virus is first to infect image files

Perrun is a proof of concept virus that appends itself to JPEG files. In order to run the viral part it modifies the JPEG handler program in the registry and drops a special extractor to the system that extracts and runs the malicious code. In practice it means that the malicious part in a JPEG file will run only if the system is already infected with the virus. A clean system can not get infected from an "infected" JPEG file since that would need the virus to be active on the system already.

F-Secure Virus Descriptions : Perrun

Microsoft released Security Bulletin MS04-028 in September 2004 and a critical patch for a Buffer Overrun in JPEG Processing (GDI+) that could allow code execution.

A proof-of-concept exploit which executes code on the victim's computer when opening a JPG file was posted to a public website on September 17th, 2004...the exploit executed a code that could download and run a file from Internet. However, the JPG file with the exploit has to be previewed locally for the exploit to get activated; viewing a JPG file from a remote host does not activate the exploit.

Exploit:W32/JPG Vulnerability

This security advisory was more of an issue with the Graphics Device Interface than the actual JPEG. For a detail analysis of this exploit, please read A day in the life of the JPEG Vulnerability
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Arstone112

Arstone112
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:04:18 AM

Posted 07 December 2010 - 07:50 PM

But if I was to find an image on a website and use "Save As", would that be a potential way to infect my machine? Or just by doing a simple google image search and viewing images? Because I often Save As funny images that I find for later viewing/sending.

Edited by Arstone112, 07 December 2010 - 09:21 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:18 AM

Posted 07 December 2010 - 09:06 PM

If you right-click on a picture and choose Save Image As...jpeg, gif, etc you don't have anything to worry about.
Just be careful not to left-click as that can open a link to who knows where.

Also keep in mind, that the websites hosting these pics could be a "hosting center" for malicious code, ads and other undesirable surprises. Please read How Malware Spreads - How did I get infected which explains the most common ways malware is contracted and spread.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:04:18 AM

Posted 07 December 2010 - 09:07 PM

You can always check if a file is really what it appears to be using TrID. You can check JPEG files and it should say JPG with highest percentage.
http://mark0.net/soft-trid-e.html

BTW, you should use an anti-virus like avast! which checks the HTTP traffic (web sites) and wont let you download any malware or other crap.

#6 Arstone112

Arstone112
  • Topic Starter

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:04:18 AM

Posted 07 December 2010 - 09:21 PM

I use MSE because I heard it is good. Should I be using Avast????

#7 Romeo29

Romeo29

    Learning To Bleep


  • Members
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:04:18 AM

Posted 08 December 2010 - 10:56 AM

Which anti-virus one should use - is a matter of personal preference. I suggested avast! as an example because it scans HTTP traffic. There are other anti-virus products like that too but most of them are paid.
MSE does not scan web traffic. You may switch to avast! if you want to. But again its a matter of personal preference. Different people like different anti-virus products.

You can read quietman7's reply in this post on another thread for good information about choosing anti-virus products.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users