We have previously reported about MP3 files as potential virus carriers and now another ‘safe’ format joins the group of potentially dangerous files. This time it’s the JPEG (.jpg) image format.
Antivirus companies warned on Thursday of a new virus that communicates through digital images, but security experts aren't sure how much of a threat this latest evolutionary branch of malicious code poses.
Dubbed the first "JPEG infector" by security company Network Associates, the W32/Perrun virus has two parts: infected JPEG images that contain the virus's payload and a viral program that extracts the code from the images and infects other JPEGs on the system as they are opened.
Because PCs have to be infected by the extractor virus before any code hidden in image files can affect them, the program is more a computer-science curiosity than a threat, said Vincent Gullotto, vice president of Network Associates' antivirus emergency response team.
"We are not saying that this is a problem," Gullotto said. "We gave it a low risk, but we haven't seen anything like this before." A digital image carrying code for W32/Perrun is easy to spot, he said, because the image is corrupted by the new code.
PC users should note that they can't be infected by opening a JPEG image. Rather, a virus on an infected computer copies code into a digital image and waits for the JPEG to get passed along to other infected systems. The virus on those systems will read the code fragment in the JPEG image and follow the instructions. Users who haven't been infected by the extractor virus can open an infected digital image and nothing will happen.
News.com
Dubbed the first "JPEG infector" by security company Network Associates, the W32/Perrun virus has two parts: infected JPEG images that contain the virus's payload and a viral program that extracts the code from the images and infects other JPEGs on the system as they are opened.
Because PCs have to be infected by the extractor virus before any code hidden in image files can affect them, the program is more a computer-science curiosity than a threat, said Vincent Gullotto, vice president of Network Associates' antivirus emergency response team.
"We are not saying that this is a problem," Gullotto said. "We gave it a low risk, but we haven't seen anything like this before." A digital image carrying code for W32/Perrun is easy to spot, he said, because the image is corrupted by the new code.
PC users should note that they can't be infected by opening a JPEG image. Rather, a virus on an infected computer copies code into a digital image and waits for the JPEG to get passed along to other infected systems. The virus on those systems will read the code fragment in the JPEG image and follow the instructions. Users who haven't been infected by the extractor virus can open an infected digital image and nothing will happen.
News.com