Author |
Topic : "JPEG virus" |
Pat member
Member # Joined: 06 Feb 2001 Posts: 947 Location: San Antonio
|
Posted: Fri Jun 14, 2002 6:12 am |
|
 |
Read about it here.
The JPEG format is a curious one. You can literally stick anything in it, provided the file headers are correct --so it was only a matter of time. Last year I ran across a JPEG file that literally contained 2 distinct images. The file decompressed and displayed normally. On the surface you'd never know anything was amiss. However, something was wrong with the file because it was about twice the size it should have been for the level of compression it showed. With a little rooting around, it became evident there was additional image data in the file. Turns out, with the correct application, this piggybacked data could be accessed and viewed as an entirely separate image. Weird.
I guess in the future our image viewers and browsers will have to scan the JPEG decompression process for additional data. Great... like they weren't slow enough as they were.
-Pat
[ June 14, 2002: Message edited by: Pat ] |
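A check for the kind of file described in the post above (one that displays normally yet carries extra data) is to walk the JPEG marker segments to the end-of-image marker and measure what follows it. This is an added example, not part of the original thread; `scan_jpeg`, `build_sample` and the sample bytes are constructed for illustration, and it assumes the piggybacked data sits after the first image's EOI marker.

```python
import struct

STANDALONE = {0x01, *range(0xD0, 0xD8)}  # TEM and RST0-RST7 have no length field

def scan_jpeg(data: bytes) -> dict:
    """Walk the marker segments to the first top-level EOI; report bytes after it."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:                      # EOI: the displayed image ends here
            tail = data[pos:]
            return {"eoi_end": pos, "trailing_bytes": len(tail),
                    "second_image": tail.startswith(b"\xff\xd8")}
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated length field")
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        # The length counts its own two bytes, so anything below 2 is malformed.
        if length < 2 or pos + length > len(data):
            raise ValueError(f"bad segment length {length} at offset {pos}")
        pos += length                           # skips APPn payloads, thumbnails included
        if marker == 0xDA:                      # SOS: entropy-coded data follows
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt not in (0x00, 0xFF) and not 0xD0 <= nxt <= 0xD7:
                    break                       # a real marker, not stuffing or a restart
                pos += 1
    raise ValueError("no EOI marker found")

def build_sample() -> bytes:
    """Constructed, structure-only JPEG: SOI, APP0, SOS, scan bytes, EOI."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
    sos = b"\xff\xda" + struct.pack(">H", 8) + bytes(6)
    return b"\xff\xd8" + app0 + sos + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9"

if __name__ == "__main__":
    clean = build_sample()
    print(scan_jpeg(clean))                     # nothing after EOI
    print(scan_jpeg(clean + build_sample()))    # a second image rides behind the first
```

Because segments are skipped by their declared length, a thumbnail stored inside an APPn segment is not reported as trailing data; only bytes after the top-level EOI are.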
Tiger Eaten member
Member # Joined: 17 Nov 2000 Posts: 226 Location: Ottawa, Ontario, Canada
|
Posted: Fri Jun 14, 2002 6:23 am |
|
 |
The .TXT format is a curious one. You can literally stick anything in it, provided the file headers are correct --so it was only a matter of time. Last year I ran across a .TXT file that literally contained 2 distinct words. The file decompressed and displayed normally. On the surface you'd never know anything was amiss. However, something was wrong with the file because it was about twice the size it should have been for the level of compression it showed. With a little rooting around, it became evident there was additional word in the file. Turns out, with the correct application, this piggybacked data could be accessed and viewed as an entirely separate word. Weird.
I guess in the future our text viewers and browsers will have to scan the .TXT decompression process for additional data. Great... like they weren't slow enough as they were.
-Tiger
( Ok, so that's not funny. Sorry Pat. )
You can throw virus code into just about anything. The trick is to get it to execute and there is no risk of that happening with the .jpeg format. I believe the article itself says that towards the end.
[ June 14, 2002: Message edited by: Tiger Eaten ] |
Awetopsy member
Member # Joined: 04 Oct 2000 Posts: 3028 Location: Kelowna
|
Posted: Fri Jun 14, 2002 6:59 am |
|
 |
theoretically... if you dropped virus code into a jpeg file, and made it execute when one of Photoshop's jpeg opening Macros executed the jpeg file... you might be able to do it... (I'm definitely not a programmer, so I'm really talking through my teeth here.)
I still think people who make Virii should be shot.  |
Pat member
Member # Joined: 06 Feb 2001 Posts: 947 Location: San Antonio
|
Posted: Fri Jun 14, 2002 7:54 am |
|
 |
I think perhaps you're failing to understand the magnitude of the problem. Because JPEGs are so widespread, once the format becomes compromised, your life can become a living virus hell of new proportions.
While the JPEG's themselves are only the carriers of the viral information, the methods to trigger the malicious code are many.
Here's an interesting scenario: You open Internet Explorer and visit a respectable site like Sijun. Unbeknownst to you or the site owner, the site has been hacked and the titlebar graphic is now the exact same JPEG you expect, but is now 4k larger. It also contains code to erase your hard drive.
Because of Internet Explorer's numerous vulnerabilities, scripted HTML code can be run locally on your machine by spoofing privileges. Or, alternately, code of the hacker's choice can be executed by flooding IE or tricking it to think certain file types need to be decompressed. Most of IE's vulnerabilities require hackers to know exactly where on the hard drive the code they wish to execute is. How convenient for them that your browsed JPEG files are stored in a cache file, uniformly located on all machines running Windows.
Properly executed, merely visiting a web site can set in motion a series of events that can infect and trigger viral code. In our example, as you're reading this message your hard drive could be rapidly disappearing.
That's just ONE of the obvious methods that comes to mind. I don't think that's funny at all.
-Pat |
Tiger Eaten member
Member # Joined: 17 Nov 2000 Posts: 226 Location: Ottawa, Ontario, Canada
|
Posted: Fri Jun 14, 2002 9:14 am |
|
 |
quote
Quote: |
I think perhaps you're failing to understand the magnitude of the problem. |
 |
egerie member
Member # Joined: 30 Jul 2000 Posts: 693 Location: Montreal, Canada
|
Posted: Fri Jun 14, 2002 9:49 am |
|
 |
Hmm "execute" is the keyword here. But as awetopsy said.. it might be possible to infect a program when opening a file in a certain app. Like .DOCs in Word for example ?
Hmm interesting. |
Pat member
Member # Joined: 06 Feb 2001 Posts: 947 Location: San Antonio
|
Posted: Fri Jun 14, 2002 10:10 am |
|
 |
Tiger Eaten, if all you can contribute to this topic is mockery and derision I'll thank you to shut the fuck up in my thread. I'm sure there are others who are interested in this.
-Pat |
the_monkey member
Member # Joined: 20 May 2000 Posts: 688 Location: BC, Canada
|
Posted: Fri Jun 14, 2002 10:43 am |
|
 |
hmm. so let's say jpegs do become compromised due to virus infections, what do we do then? scan every picture, or resort to a new form of image compression? |
Nilwort member
Member # Joined: 26 Jan 2002 Posts: 319
|
Posted: Fri Jun 14, 2002 12:56 pm |
|
 |
Why do you all live in fear of viruses?!
I've never had any problems with viruses and I download all sorts of files from the internet, never used anti-virus programs either. Even if one does erase my hard drive I make backups nearly every week of important stuff...And even if a virus did manage to mess with my bios settings (even though I have a virus write protect warning on) and destroy my harddrive by messing with the magnetic header settings (if it's even possible to do damage that way) Then I'll take that as a sign that it's time to give up using my computer and maybe go fishing FOREVER!...not really...but anyway...my point is, Do not fear the virus, OR IT HAS ALREADY WON! The data on your harddrive is expendable, if a virus messes with it...format c: and everything is ok. |
Pat member
Member # Joined: 06 Feb 2001 Posts: 947 Location: San Antonio
|
Posted: Fri Jun 14, 2002 1:13 pm |
|
 |
Yes, there was a previous hoax JPEG virus. Ironic, huh?
This new virus isn't a hoax. Please check out Symantec's virus definition for W32.Perrun for details.
Sorry if I sound like I'm losing my cool, but I'm intensely curious about this development. I'm all for fun and jokes, just not at the expense of derailing the topic.
-Pat |
[Shizo] member
Member # Joined: 22 Oct 1999 Posts: 3938
|
Posted: Fri Jun 14, 2002 1:20 pm |
|
 |
Damn viruses. Does anybody else keep getting 129KB emails w/ viruses in them? Because I do hehe. |
Guy member
Member # Joined: 29 Feb 2000 Posts: 602 Location: British Columbia, Canada
|
Posted: Fri Jun 14, 2002 3:43 pm |
|
 |
McAfee and Symantec have had a habit of creating these virus scares so they can sell more of their product when sales are low. |
Coaster member
Member # Joined: 19 Feb 2002 Posts: 508 Location: Canada
|
Posted: Fri Jun 14, 2002 6:12 pm |
|
 |
I agree with Tiger.
It's juuuust a scare created by the media.
"argueing on the interent is like the special olympics, even if you win your still a retard." -some retard |
Impaler member
Member # Joined: 02 Dec 1999 Posts: 1560 Location: Albuquerque.NewMexico.USA
|
Posted: Fri Jun 14, 2002 6:48 pm |
|
 |
I got my very first virus in the email 3 days ago in my 7+ years of using the internet. I deleted it.
Although, I do have a version of Netbus server on my hard drive that I can't delete. |
Loki member
Member # Joined: 12 Jan 2000 Posts: 1321 Location: Wellington, New Zealand
|
glody member
Member # Joined: 02 Dec 2001 Posts: 233 Location: NYC
|
Posted: Fri Jun 14, 2002 8:53 pm |
|
 |
wanna solve all your world problems??
have one computer...used for....art drawing whatever you do that brings you income....keep that UNHOOKED TO THE INTERNET or any type of broadband service....also make back ups....either be another harddrive, zip disks/cd or dvd burning....
purchase a second computer solely for the use of browsing the internet or anything else...posting on sijun even!!
so if anything gets messed up with the one computer..you know your "workstation" will be in pristine shape.
...for those who have just one computer...please pray....  |
Pat member
Member # Joined: 06 Feb 2001 Posts: 947 Location: San Antonio
|
Posted: Fri Jun 14, 2002 11:12 pm |
|
 |
I just read two more articles on the virus here and here. The general consensus seems to be that current virus checkers can and will be updated to check for the problem. Sadly, signs point to this being merely the first prototype. It sounds easy enough to stop, but using JPEGS as an attack vector opens up an entirely new class of potential weaknesses. Historically speaking, despite the widespread information and precautions taken, similarly easy-to-stop virii have caused billions of dollars in damages. Please recall Melissa, SirCam, Lovebug and Code Red.
-Pat
[ June 14, 2002: Message edited by: Pat ] |
Tiger Eaten member
Member # Joined: 17 Nov 2000 Posts: 226 Location: Ottawa, Ontario, Canada
|
Posted: Fri Jun 14, 2002 11:25 pm |
|
 |
*sigh*
Ok, Pat. Here's my contribution in two parts:
1. The .jpeg format (standardized) has been around since 1990.
2. The .jpeg virus hoax has been around since 1994.
link 1
link 2
I am a reasonable guy, so please keep your cool in the future.
[ June 14, 2002: Message edited by: Tiger Eaten ] |
Frost member
Member # Joined: 12 Jan 2000 Posts: 2662 Location: Montréal, Canada
|
Posted: Sat Jun 15, 2002 7:37 pm |
|
 |
Well, most file formats have ways to encode viruses in them, however, that doesn't mean that they are potentially harmful.
Images, videos, wave or music files can contain viruses, but they cannot spread on their own. In order for a virus to spread, it needs to be executed in the machine's NATIVE opcodes/instructions (ie, PC viruses will not work on Mac, etc.). Unless a program is stupid enough to jump its executing processing inside a data structure of such a file, there's hardly a chance for such things to happen. The only other possible way this could happen, and this is how many other previous virus attacks worked, is by overflowing certain badly programmed applications' memory buffers and overwriting executable code in memory by virus code, so that when the application gets to run that part of its [now virus corrupt] code, the virus would spread. This is a VERY very long shot, and no properly written application should ever allow for that (buffer overruns, memory leaks, etc).
I think we are very very safe from such hazards. |
vigilo member
Member # Joined: 26 May 2002 Posts: 105
|
Posted: Mon Jun 17, 2002 10:58 pm |
|
 |
What Frost said.
Never played around with JPEG but you can also stick sectors of miscellaneous data in a GIF. It has specially defined blocks for it. Sorta like an image cookie or various extensions or special instructions. You could store some harmful instructions there too.. but I don't think there are any stupid viewers that would be foolish enough to run them... |
[Shizo] member
Member # Joined: 22 Oct 1999 Posts: 3938
|
Posted: Tue Jun 18, 2002 8:08 am |
|
 |
haha! you're all screwed :0 |
Akolyte member
Member # Joined: 12 Sep 2000 Posts: 722 Location: NY/RSAD
|
Posted: Fri Jun 21, 2002 1:30 pm |
|
 |
can you get AIDS from the internet? |
Axl member
Member # Joined: 11 Mar 2000 Posts: 411 Location: London, England
|
Posted: Mon Jun 24, 2002 4:10 am |
|
 |
Talking about the companies creating a scare to boost sales is a fair comment in some respects but I've just updated my virus definitions for norton and have discovered a jpg file containing something. The file was called com3[1].jpg and it was causing loading problems for photoshop and IE. This was the first virus I've got in 6 years of owning computers and I haven't got a clue how it got on to my hard drive as it wasn't something that I downloaded. |
Dr. Bang member
Member # Joined: 04 Dec 2001 Posts: 1425 Location: DENHAAG, HOLLAND
|
Posted: Mon Jun 24, 2002 4:36 am |
|
 |
there's already a JPG virus that unfortunately, most of us have seen it.
hello.jpg |
Frost member
Member # Joined: 12 Jan 2000 Posts: 2662 Location: Montréal, Canada
|
Posted: Tue Jun 25, 2002 4:59 pm |
|
 |
Hey! Why'd you post that? Now I can't even open jpg files! I click on them and they don't do anything!
Oh wait, it's just the one. Vicked trick mein friendt. |
Pat member
Member # Joined: 06 Feb 2001 Posts: 947 Location: San Antonio
|
Posted: Wed Sep 15, 2004 11:16 am |
|
 |
Dragging this topic back from the grave with a timely update:
"Microsoft, which recommended immediate updates, said the newly discovered vulnerability could allow remote-code execution thanks to a buffer-overrun vulnerability in the processing of JPEG image formats.
An attacker who successfully exploited the vulnerability could take advantage of a logged-on user to take complete control of a system, allowing installation of programs, viewing, changing or deleting of data, or even creation of new, privileged accounts, Microsoft said."
read article here
"Newly discovered", my ass...
-Pat |
stacy member
Member # Joined: 05 Jul 2004 Posts: 271 Location: In the mountains on the Canadian border.
|
Posted: Wed Sep 15, 2004 1:58 pm |
|
 |
I don't know why everyone is in such a panic
about having a virus.
In all the time I've used a computer, I've
NEVER had a virus.
In fact, I don't think I even know anyone
who's ever had a vir#%'')''#..yyZp'''$;xR..'Q-sYqUy~
~@Jm'S7q#fm*((vIs+&m_fZ%mk............ |
Awetopsy member
Member # Joined: 04 Oct 2000 Posts: 3028 Location: Kelowna
|
Posted: Wed Sep 15, 2004 8:18 pm |
|
 |
^
^
Lol
 |
Giant Hamster member
Member # Joined: 22 Oct 1999 Posts: 1782
|
Posted: Wed Sep 15, 2004 10:24 pm |
|
 |
Nilwort:
A quick survey, if you'd be so kind:
1. Are you on dial up or broadband?
2. Do you have a firewall?
3. What version of Windows are you running?
4. How long have you been running your current installation of windows? (the timespan since you most recently installed windows to the present)
5. Do you use Peer-2-Peer sharing applications?
6. What internet browser do you use?
Lastly, If you would: http://www.antivirus.com Go there and run the Free Online scan.
It's not a 100% perfect test, but I'm curious about the results. Lemme know what turns up, if anything! :D
Thanks! |
Giant Hamster member
Member # Joined: 22 Oct 1999 Posts: 1782
|
Posted: Wed Sep 15, 2004 10:28 pm |
|
 |
Wow.
This is old as shit, isn't it?
Fuck. HAHAHA.
Damn you, Pat. You've resurrected a thread from 2002. Die. |