Vulnerability Development mailing list archives
RE: Infected jpeg files?
From: "Chan, Stephen (TIS, Singapore)" <stephen_chan () sg ml com>
Date: Fri, 9 Nov 2001 16:31:37 +0800
I'm just being far-fetched but what if the 'infected' jpeg contains activation code/commands embedded using steganography. It wouldn't contain executable code, but contains instructions for already resident worms/trojans such as Nimda/codeRed. Whoa! A whole new medium for controlling zombies. No vulnerability needed. Just plain old email. 1. Send the trojan/worm via email 2. Send the activation code embedded in a jpeg. Stephen -----Original Message----- From: Oliver Petruzel [mailto:opetruzel () cox rr com] Sent: Friday, November 09, 2001 2:24 PM To: vuln-dev () securityfocus com Subject: RE: Infected jpeg files? Perhaps an intereting file type to consider would be .bmp considering the default viewer within windows is MS Paint. I've never looked at Paint that closely, but knowing who and what we're used to, it's quite possible. As mentioned, it all depends on the viewer. And if anything is suspect, my first look would be with default viewers in MS. Time to imbed and play... Results or lack thereof to follow. oliver
-----Original Message----- From: OBrien, Brennan [mailto:BOBrien () columbia com] Sent: Thursday, November 08, 2001 8:56 PM To: rginski () co pinellas fl us; vuln-dev () securityfocus com Subject: RE: Infected jpeg files? Well, just my two cents here... Given that images are a major way of transmitting encoded data, it stands to reason that the hooks could exist -- that is, it could be a transport mechanism. However, the viewer itself would have to know to look for them and have the capability of doing something with them. In otherwords, just cause I'm speaking in Japanese to you doesn't mean you understand what I'm saying. -----Original Message----- From: rginski () co pinellas fl us [mailto:rginski () co pinellas fl us] Sent: Tuesday, November 06, 2001 5:23 PM To: vuln-dev () securityfocus com Subject: Infected jpeg files? Mailer: SecurityFocus Is it possible for a virus to infect a jpeg (*.jpg) file, then the jpg file to infect other files?...without changing the files characteristics? In other words, a jpeg file (file.jpg) is infected and it remains "infected_file.jpg". It is possible for a file type as jpeg to have a payload or cause damage although it's just being viewed? Perhaps something like steganagraphy...except embedding vbs (or something) causing infection by way of the viewer? I guess another way of asking the question is: Is it possible to get infected by just viewing jpeg files? I realize that's a "wide open question" I just don't know how else to explain myself. Thanks in advance for your patience and help.
Current thread:
- Re: Infected jpeg files? (viruses), (continued)
- Re: Infected jpeg files? (viruses) Jonathas Diogenes Castello Branco (Nov 10)
- Re: Infected jpeg files? Brad (Nov 10)
- Re: Infected jpeg files? J Edgar Hoover (Nov 09)
- Re: Infected jpeg files? Mathias Dybvik (Nov 09)
- Re: Infected jpeg files? terry white (Nov 09)
- Re: Infected jpeg files? H C (Nov 09)
- Re: Infected jpeg files? Thor (Nov 09)
- Re: Infected jpeg files? H C (Nov 09)
- RE: Infected jpeg files? OBrien, Brennan (Nov 08)
- RE: Infected jpeg files? Oliver Petruzel (Nov 09)
- RE: Infected jpeg files? Bruce Ediger (Nov 09)
- RE: Infected jpeg files? Chan, Stephen (TIS, Singapore) (Nov 09)
- RE: Infected jpeg files? OBrien, Brennan (Nov 09)
- RE: Infected jpeg files? Krul Thomas (Nov 09)
- Re: Infected jpeg files? Rob Pickering (Nov 09)
- Re: Infected jpeg files? zen-parse (Nov 09)
- RE: Infected jpeg files? Brass, Phil (ISS Atlanta) (Nov 09)
- RE: Infected jpeg files? Thor (Nov 09)
- Re: Infected jpeg files? Oliver Bleutgen (Nov 11)
- strange thing happend to me Sould3mon (Nov 12)
- RE: strange thing happend to me Oliver Petruzel (Nov 12)
- strange thing happend to me Sould3mon (Nov 12)
- Re: Infected jpeg files? Pete Simpson (Nov 12)