The jpeg standard does not encompass any form of executable code in the jpeg itself. Any code you injected into a jpeg document would not be executed by the viewer. There is one exception to this: If there is a certain vulnerability/problem with a particular jpeg viewer, then it is theoretically possible to cause various forms of overflows, and possibly executing code in the viewer/client environment, by extremely carefully crafted pictures. This carefully crafted code would then have to have enough payload to reproduce, i.e. introduce a copy of itself into another jpeg file. This scenario sounds like it has probability greater than zero, yet would be very hard to implement reliably. Any implementation would likely only work on one particular version of one particular jpeg viewer, possibly only on one particular machine/software configuration. More fun use of jpeg viewer problems would probably be to upload jpegs to your web site that selectively crashed viewers/browsers you don't like. :) Steganography is information hiding. Your problem is not to hide information, but to have that information interpreted as code, and executed. The classic *illusion* of an executable jpeg, however, is the "my_picture.jpg.vbs" trick, which fools a lot of windows users that are using default settings in their file viewer. If you have "hide known extensions" enabled, then yes, it *is* possible to get infected by opening a file that *seems to be* a jpg file (but it isn't). Mathias Dybvik On Wed, Nov 07, 2001 at 01:22:40AM -0000, rginskiat_private wrote: > Mailer: SecurityFocus > > Is it possible for a virus to infect a jpeg (*.jpg) file, > then the jpg file to infect other files?...without > changing the files characteristics? In other words, a > jpeg file (file.jpg) is infected and it > remains "infected_file.jpg". It is possible for a file type > as jpeg to have a payload or cause damage although > it's just being viewed? Perhaps something like > steganagraphy...except embedding vbs (or > something) causing infection by way of the viewer? I > guess another way of asking the question is: > > Is it possible to get infected by just viewing jpeg files?
This archive was generated by hypermail 2b30 : Fri Nov 09 2001 - 00:30:41 PST