

First JPEG virus discovered...
June 14, 2002 10:08 AM

First JPEG virus discovered... "The W32/Perrun virus, as it is now being called, extracts data from JPEG files and then injects picture files with infected digital images. A fair warning to those individuals who are fond of sending multimedia files to friends and families." Is everyone's porn stash threatened now?
posted by darian (28 comments total)

 
"Computers running on Microsoft Windows are particularly vulnerable to Perrun, say experts."

You just gotta love the Mac...
posted by darian at 10:13 AM on June 14, 2002


Slashdot's commentary on this subject is really all that needs to be said. This article is so totally bogus.
posted by ookamaka at 10:15 AM on June 14, 2002


"Sending multimedia files"???

JPEGs contain no executable code. Don't stop sending those wacky cat JPEGs to your friends, folks. Might want to cut out those .exe's, though.
posted by Succa at 10:16 AM on June 14, 2002


"the virus arrives via email or a floppy disk as an executable file"

Floppy disk?
posted by magullo at 10:16 AM on June 14, 2002


Boing Boing is discrediting the reports, too.
posted by waxpancake at 10:17 AM on June 14, 2002


According to the article, first you have to run an executable which then extracts the payload from the JPEGs. Assuming I'm reading that right, and I'm not sure that I am, how is this different from any other virus?

It's not like you open a picture your friend sent and now you're infected. You were already infected and the picture just carries the payload. In fact if you can get somebody to run an executable on their system, then what is the point of sending the payload in a separate file?
posted by willnot at 10:18 AM on June 14, 2002


"Typically, the virus arrives via email or floppy disk as an executable file" (emphasis mine)

This is not a JPEG virus, this is a virus that happens to attack JPEG images after it has executed, or am I mistaken here? This seems like a misleading headline, or a badly written story (or both).

Also, "Computers running on Microsoft Windows are particularly vulnerable" is a terrible sentence. Why is the word "particularly" in there? Can you run a virus-laden (or even clean) .exe file on Linux or a Mac? People running Windows are the only people that are vulnerable.
posted by mathowie at 10:19 AM on June 14, 2002


darian, the short answer is no.

mind you, JPEGs could be used to transmit virii. you would require a special decompressing program (or library, which would make more sense) that would, in addition to displaying an image, perform whatever viral actions it is designed to. but if you have that, the JPEG-as-carrier sounds like bullshit, since the program could act mostly when and however it pleased.

never forget: nothing happens without an executed process of some kind. JPEGs are not "executed". the worst case scenario for a JPEG would be if somehow an image's information could overrun a buffer and write into the code of the program itself, but this would likely be architecture-dependent and program-dependent. and also really, fucking hard to do. have no fear.
posted by moz at 10:20 AM on June 14, 2002


This article is about 2½ months late. Did you read it in the Beijing Evening News?
posted by crunchland at 10:28 AM on June 14, 2002


Okay... I might have been clearer in the post... it was my understanding that this virus attacked and corrupted images... (thus the "is everyone's porn stash threatened now")
posted by darian at 10:33 AM on June 14, 2002


"Don't stop sending those wacky cat JPEGs to your friends, folks. Might want to cut out those .exe's, though."

Then again, it's trivial to disguise/describe an .exe as a .jpeg... after all, most uninformed recipients just double-click, double-click, double-click...

(I'm surprised simple trojan horses like that aren't more prevalent actually.)
posted by Fofer at 10:53 AM on June 14, 2002


"...announced Thursday by security firm Network Associates and other antivirus companies"

Who would profit from such a virus (or even a scare about such a virus)? There have been news blurbs about this virus on both TV and radio in the last couple of days. It behooves those who make their living battling virii to have new scares to throw into the consumers.

darian & mathowie: such a virus could affect a Mac running Virtual PC. You may not lose your entire system, but fixing that VPC installation can be as painful as fixing a PC.
posted by joaquim at 11:02 AM on June 14, 2002


Before I worked in an office, I never worried about the computer-virus-of-the-week. I just deleted any .exe files I received. Then I started working here, with people who double-click everything on their Windows box... including html links and form submissions... and I new true terror.
posted by krewson at 11:15 AM on June 14, 2002


or knew.
posted by krewson at 11:15 AM on June 14, 2002


Krewson: it pays to be a cynic. Nothing scares you. Everything's just more proof that the human race is not as smart as it thinks it is...
posted by Dark Messiah at 11:28 AM on June 14, 2002


Even though the article is misleading, most of the people here probably aren't going to be concerned. However, there are many people that will read the article and delete every JPEG on their system because they are terrified of getting a virus. People who use technical jargon to cloak their BS in order to mislead non-technical people are worse than any virus.
posted by jaden at 11:35 AM on June 14, 2002


didn't the I Love You virus attack JPEG files? I was working at an advertising agency at the time, and I remember that we were all relieved we were on Macs, because had we been on PCs and received the virus, we might have lost all our image files (quite a tragedy for an ad agency)
posted by LuxFX at 11:56 AM on June 14, 2002


joaquim:

Then again, it's trivial to disguise/describe an .exe as a .jpeg... after all, most uninformed recipients just double-click, double-click, double-click...

it's been my impression that windows associates file extensions with other programs. wouldn't double-clicking on a jpeg file still try to run the associated program, and not execute the jpeg's code directly? that would seem logical, but i can't tell you for sure that's what microsoft does.
posted by moz at 12:02 PM on June 14, 2002


Bad Mcafee, bad. *slap*
posted by aaronshaf at 12:24 PM on June 14, 2002


that would seem logical, but i can't tell you for sure that's what microsoft does.

That is what it does. But lots of folks like to try the old "filename.JPEG.exe" route, which catches more people than you'd believe. The solution is to use a good mail client, and to not be an uninformed twit. Unfortunately many people are 0-for-2 there.
posted by Succa at 1:12 PM on June 14, 2002


Moz - Windows does you a favor and hides the file extensions by default, so you don't know if it's .jpg or .exe. Particularly if the file is named something like "thekids.jpg.exe" which is basically what a lot of the mail-borne trojans do. With the default filing settings, that file name would read "thekids.jpg".

Of course the people who are most at risk for this kind of thing don't know the difference anyway, and they certainly don't know all of the file extensions that could contain malicious code. (I doubt that I know all of them for that matter - though I know enough not to click on it if I don't know what it is).

Not to slag MS too hard. Apple's file types have pretty much always been hidden - at least until OS X, and I'm still not 100% sure how they handle it in there.
posted by willnot at 2:35 PM on June 14, 2002
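
An added example, not part of the original thread or any poster's code: a mail-gateway style check for the "thekids.jpg.exe" naming trick described in the comments above, plus a content check for an executable header under an image name. The extension sets, function names and sample attachments are constructed for illustration.

```python
import os

# Constructed, non-exhaustive extension sets for illustration.
EXECUTABLE = {".exe", ".scr", ".pif", ".com", ".bat", ".vbs"}
DECOY = {".jpg", ".jpeg", ".gif", ".txt", ".doc"}

def displayed_name(filename):
    """Name as listed when the final extension is hidden from the user."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename

def sniff(head):
    """Classify content by its leading bytes instead of its name."""
    if head.startswith(b"\xff\xd8\xff"):   # JPEG start-of-image marker
        return "jpeg"
    if head.startswith(b"MZ"):             # DOS/PE executable header
        return "executable"
    return "unknown"

def findings(filename, head):
    """Return the reasons an attachment should be quarantined."""
    name = filename.lower().rstrip(". ")   # Windows ignores trailing dots/spaces
    stem, ext = os.path.splitext(name)
    inner = os.path.splitext(stem)[1]
    reasons = []
    if ext in EXECUTABLE and inner in DECOY:
        reasons.append("double-extension")
    if ext in DECOY and sniff(head) == "executable":
        reasons.append("content-mismatch")
    return reasons

# Constructed sample attachments: (filename, first bytes of the file).
SAMPLES = [
    ("thekids.jpg.exe", b"MZ\x90\x00"),
    ("cat.jpg", b"\xff\xd8\xff\xe0"),
    ("holiday.jpg", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for fname, head in SAMPLES:
        print(f"{fname!r} shown as {displayed_name(fname)!r}: "
              f"{findings(fname, head) or 'ok'}")
```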


Sorry Succa - I don't know how I missed your post what with it coming 20 minutes before mine and all.
posted by willnot at 2:39 PM on June 14, 2002


kournikova.jpg.exe
posted by crunchland at 2:39 PM on June 14, 2002


Is everyone's porn stash threatened now?

Not until the virii start targeting MPEGs, MOVs, and AVIs, no.
posted by SiW at 2:52 PM on June 14, 2002


Floppy disk?
Tell me your postal address.
posted by holloway at 3:10 PM on June 14, 2002


kournikova.jpg.exe

*Clicks furiously on text, like hyperactive monkey hopped up on goofballs, to no avail*
posted by stavrosthewonderchicken at 5:26 PM on June 14, 2002


However, there are many people that will read the article and delete every JPEG on their system because they are terrified of getting a virus.

does this mean with less supply, my pr0n stash is now more valuable? cool!
posted by lescour at 5:50 PM on June 14, 2002


when is the first apple script that trashes a bunch of stuff going to be written?
posted by tomplus2 at 7:27 AM on June 17, 2002

