New Virus infects image file formats

http://www.mcafeeb2b.com/aboutmcafeeb2b/pressroom/pr_template.asp?PR=/PressMedia/06132002.asp&Sel=1283

June 16, 2002 1:30 AM from

This appending virus is the first reported JPEG infector. It is multi-component in nature, requiring an extractor file to extract (and execute) the virus body from infected JPEG files.

Infected JPEGs are unable to replicate on non-infected machines - ie. machines without the extractor component installed (hooked in the Registry).

McAfee products running the 4185 DATs (or greater) with program heuristics enabled, detect both the virus body (11,780 byte PE) and its extractor component as virus or variant W32/Alcop@MM.

This virus is a proof of concept and it has not been seen in the wild.

9,217 views 8 replies

Reply #1 June 16, 2002 9:17 AM from

WinCustomize Forums Top

Pay special attention to these bits:

"...requiring an extractor file to extract (and execute) the virus body from infected JPEG files.
Infected JPEGs are unable to replicate on non-infected machines - ie. machines without the extractor component installed (hooked in the Registry)."

...which means there is no such thing as a .jpg virus or so. It could hide in _any_ file. Translation: nothing new under the sun. Hype, hype.

Reply #2 June 16, 2002 10:28 AM from

WinCustomize Forums Top

dejavu.

Reply #3 June 16, 2002 11:06 AM from

WinCustomize Forums Top

Now available to cool you off this summer: creamed ice!

One can go and append additional data to lots of files on the system, but you still have to be infected with a binary of the virus in the first place for this to happen.

Reply #4 June 16, 2002 12:59 PM from

WinCustomize Forums Top

Listen to crae on this one... this thing is nothing more then hype, it's not technically a real virus since it requires pre-infection before it can execute .JPG's.

Barely worth mentioning to be honest

Reply #5 June 16, 2002 4:29 PM from

WinCustomize Forums Top

hah i can't believe i wasted my time actually reading that article. Yes McAfee briliant lets scare more people so they'll buy your software.

There is no such thing as a virus that can be transmitted via JPEG's nor will there ever be. The fact that it inserts itself in JPEG's means nothing (unfortunary of course for them)... its kind of like the virus inserting itself into files that are in the recycle bin

Quite retarded. Oh well.

Reply #6 June 17, 2002 11:00 AM from

WinCustomize Forums Top

Crae... Hypothetically speaking:

If a virus scanner couldn't find the binary portion of this tangled mess, (or if the user wasn't running a virus scanner) and it ended up on your machine, wouldn't you then be in danger of d/ling an infected .jpg? Really doesn't sound like an impossibility.

Reply #7 June 17, 2002 10:32 PM from

WinCustomize Forums Top

SOUND COOL>>>> NEVER THOUGHT OF A VIRUS IN THAT FASSION>>>>

Reply #8 June 18, 2002 3:38 AM from

WinCustomize Forums Top

But it still doesn't execute itself. Besides, on the rare occasion that I do run a virus scanner, I scan every file on the system, not just .exes.

Welcome Guest! Please take the time to register with us.

Richer content, access to many features that are disabled for guests like commenting and posting on the forums.
Access to a great community, with a massive database of many, many areas of interest.
Access to contests & subscription offers like exclusive emails.
It's simple, and FREE!