Vulnerability Development: RE: Infected jpeg files?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

RE: Infected jpeg files?

From: "Oliver Petruzel" <opetruzel () cox rr com>
Date: Fri, 9 Nov 2001 01:23:54 -0500

Perhaps an intereting file type to consider would be .bmp considering
the default viewer within windows is MS Paint.  I've never looked at
Paint that closely, but knowing who and what we're used to, it's quite
possible.  As mentioned, it all depends on the viewer.  And if anything
is suspect, my first look would be with default viewers in MS.  Time to
imbed and play... Results or lack thereof to follow.

oliver

-----Original Message-----
From: OBrien, Brennan [mailto:BOBrien () columbia com] 
Sent: Thursday, November 08, 2001 8:56 PM
To: rginski () co pinellas fl us; vuln-dev () securityfocus com
Subject: RE: Infected jpeg files?

Well, just my two cents here... 

Given that images are a major way of transmitting encoded 
data, it stands to reason that the hooks could exist  -- that 
is, it could be a transport mechanism.  However, the viewer 
itself would have to know to look for them and have the 
capability of doing something with them.  In otherwords, just 
cause I'm speaking in Japanese to you doesn't mean you 
understand what I'm saying.  

-----Original Message-----
From: rginski () co pinellas fl us [mailto:rginski () co pinellas fl us] 
Sent: Tuesday, November 06, 2001 5:23 PM
To: vuln-dev () securityfocus com
Subject: Infected jpeg files?

Mailer: SecurityFocus

Is it possible for a virus to infect a jpeg (*.jpg) file, 

then the jpg file to infect other files?...without 

changing the files characteristics? In other words, a 

jpeg file (file.jpg) is infected and it 

remains "infected_file.jpg". It is possible for a file type 

as jpeg to have a payload or cause damage although 

it's just being viewed? Perhaps something like 

steganagraphy...except embedding vbs (or 

something) causing infection by way of the viewer? I 

guess another way of asking the question is:

Is it possible to get infected by just viewing jpeg files?

I realize that's a "wide open question" I just don't 

know how else to explain myself. Thanks in advance 

for your patience and help.

By Date By Thread

Current thread:

Re: Infected jpeg files?, (continued)
- Re: Infected jpeg files? Mathias Dybvik (Nov 09)
- Re: Infected jpeg files? terry white (Nov 09)
  - Re: Infected jpeg files? H C (Nov 09)
    - Re: Infected jpeg files? Thor (Nov 09)
- RE: Infected jpeg files? OBrien, Brennan (Nov 08)
  - RE: Infected jpeg files? Oliver Petruzel (Nov 09)
  - RE: Infected jpeg files? Bruce Ediger (Nov 09)
- RE: Infected jpeg files? Chan, Stephen (TIS, Singapore) (Nov 09)
- RE: Infected jpeg files? OBrien, Brennan (Nov 09)
- RE: Infected jpeg files? Krul Thomas (Nov 09)
  - Re: Infected jpeg files? Rob Pickering (Nov 09)