From what I've heard, in the cases of steganography the image is not actually dangerous in the normal sense, you could download the image without risk BUT if you run any exe files by the image's evil author then those exe files, will find that image and use it's code to inform themselves of what to do next. The virus arrives in two parts, an executable part (which might execute by driveby, by exploiting a program or by tricking the user into running it) and an image (which secretly holds instrcutions for the executing part). That means the executing part can't set off antivirus scanners because it isn't doing anything malicious (it's just following orders to "find the image example.jpg, read the steganographic code hidden in it and then do what that code tells it"), the malicious orders are hidden within the image, but they can't do anything without the executable running and reading the malicious instrcutions.
In the case of images designed to exploit software, and then run malicious code themselves, the image is dangerous alone, because it is able to execute itself, due to bugs in the software which is used to open it. Theoretically it should be impossible for an image to be a virus, images are non-executable code, they don't give instructions telling computers what to do, they should just get read by image viewing software and then the image viewing program turns their code into a pattern on screen. BUT because nobody's programming is ever perfect all real world image viewing programs have a chance of having flaws in their code, mistakes in their design meaning that it is possible for certain codes to cause them to act strangely. Think of an image viewing program as being a black box, in goes a string of data read from the image file, out comes a pattern of pixels on screen, and what if this box had a mistake in it's design that if the code "d0dgy-c0d3" ever gets read in the input string of data then the box decides to treat all further instructions as being orders for actions, not just code for pixels. An attacker could make a specially crafted image file with the code "d0dgy-c0d3" in it's data somewhere and after that a series of malicious instructions. Then when the data of the image file goes into the black box of the software it reads the pixels as usual, then it reads the code "d0dgy-c0d3" and after that it treats ubsequent code as executable rather than as beng the pixels of an image, and the attacker now has whatever code he wrote after the line "d0dgy-c0d3" running as an executable on the victims computer. This is why image viewing/editing software needs updates every so often to patch it and stop malicious images from being able to run code. If you look back over the description pages of security updates which windows has released over the last few months you'll notice some of them are to deal with specially crafted jpg ad png images, those updates are designed to make sure that image viewing programs within windows and IE do not treat code that confuses them as being executable. Fortunately, because it is much harder for attackers to find the necesary bugs in image viewing programs than it is for them to spread viruses by tricking people into running exe files which the user thinks are images (see next paragraph), this sort of attack is fairly rare.
The other thing to consider is images wth faked double extensions. Imagine a file called picture1.jpg.exe , most users would not see the second extension because (unless you change it's setting to "display full file extensions even for known file types" within folder options, you should change this setting now)windows would only show the first extension. On top of that many users might not even realise the significance of different file extension types, so even if they did see this they might not realise that the file is dangerous. The second extension is the real extension, but as most users would only see the first, and might even then not realise what it means, users would open the exe file thinking it was a picture, and get a horrible shock when it turned out to be a program in disguise.
In the case of your brother's phone I think images are the least likely way for it to get infected, more probable causes are: drivebys and malvertising, malicious apps (pretending to be legitimate) which somehow snuck into the relevant app store, malicious apps(pretending to be legitimate) sideloaded from outside the app store, a virus getting onto it when it was plugged into an infected device via connection cable. Even though images are not a likely way for the virus to have arrived I would still suggest it is not safe to copy the images off of the phone onto a computer because although the images might be perfectly safe the act of connecting a potentially infected phone to a computer might well be enough for the phone to infect the computer by autorun/autoplay type methods.
Edited by rp88, 27 April 2015 - 12:42 PM.
Back on this site, for a while anyway, been so busy the last year.
My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB