[CLUE-Talk] New virus, jpeg infector.

Richard Knechtel rknech at pcisys.net
Wed Jul 3 08:24:19 MDT 2002 

Me and another guy had dabbled in something like this a few years ago at a 
former employer.  We had problems with employees on the night shift 
downloading p0rn. So we created an exe jpeg infector.  What we did was 
infect the jpegs of p0rn pics of specific employees had on their system. 
When they would open them (by double clicking on them in explorer) the exe 
would launch an email to us stating the employee was viewing p0rn. We also 
had it so the exe would search out other jpeg pics and infect them as well. 
Needless to say after hundreds of email and then investigating the users 
machines to verify the jpegs were infact p0rn. They were fired. Worked great.


At 08:57 PM 7/2/02 -0600, you wrote:
>Picked this up on the Risks Digest.  There's a new virus that infects 
>image files, article at 
>http://apnews.excite.com/article/20020613/D7K4F4EG1.html.
>
>"As with any computer threat, the best way to protect a computer is to 
>have updated antivirus software."
>
>That statement is so ridiculous you probably don't want to read the article.
>
>"In its current form, an infected JPG file cannot infect another computer 
>on its own. But Gullotto said there's no reason a virus writer couldn't 
>make the picture itself able to infect other computers.
>
>That evolution should make computer users think twice about sending 
>pictures - or any other media - over the Internet, Gullotto said."
>
>This is brazen FUD, when you follow the URL at the bottom to 
>http://vil.nai.com/vil/content/v_99522.htm and see how the "virus" 
>works.  In short, if you run an executable that hooks itself into the 
>registry then when it opens an image file for you it will run the "virus" 
>the image contains.  Mr. Gullotto (head anti-virus researcher at McAfee) 
>should know better than to call this a new kind of virus.
>
>Unless MS makes this a feature of their next OS, turning images into the 
>next virus delivery mechanism, the way they did with Word and then 
>email.  I guess it's not that farfetched.
>
>Dave
>
>_______________________________________________
>CLUE-Talk mailing list
>CLUE-Talk at clue.denver.co.us
>http://clue.denver.co.us/mailman/listinfo/clue-talk

More information about the clue-talk mailing list