P2P-Zone  

16-06-02, 07:19 AM   #10
butterfly_kisses
Napsterite
Join Date: Apr 2002
Posts: 138
Re: Note...

Quote:
Originally posted by Ethen
Harby, please delete your registry and reboot.

I think what you're referring to is W32/Perrun.

The way you typed your post is completely stupid. The dramatics and "news from darker net characters!" do nothing to back up your post and only add to hysteria.

RTFM: Perrun turns JPG files into a kind of "archive format", wherein JPGs can become "carriers" of (potentially) malicious code. But the virus has and needs 2 parts to survive. The second part of the virus acts as an "extractor" kinda like winzip. A .jpg being a carrier is a more accurate way to think of Perrun's modifications to JPGs.

Ever heard of .zip files that have been infected with a virus? Whoa! You have? Of course, who hasn't. A virus "injecting" an infected file or dropper into the ZIP file! What a concept. lol.

Going on dummy opinions, the slide from the infected zip idea to "Perrun infects JPG files" is a short one.

So you can infect .jpg files. I can execute your "infected jpg" as long as I want on my PC. As long as the PC is not compromised, and the second part to the virus is missing, I will never get infected. It's not as simple as simply having a jpg image that once viewed instantly infects a PC.

Sure some people have had images that have seemed to be responsible for an infection or triggering a virus alert, but those aren't images or Perrun, they are a whole different thing. image.jpg.exe usually. Yep, double extensions. What a crazy thing.

Back to Perrun though, JPG files are not "executable", that's important to remember. Once affected by extrk.exe, though (re: the second part thing), a JPG file carries an inactive copy of the part of Perrun's code that modifies other JPG files. However, that code is only ever activated if extrk.exe is used to "view" the JPG file. So it isn't really doom and gloom like the media and other sources around the net (or harbyngers) are making it out to be.

You can use additional registry key checks in startup if you're extra worried about infected jpgs and that jazz, or use one of the many image file cleaners out there, to remove any extra crap if you think a jpg might be carrying extra baggage.

If everyone also knows, there's also a comment part in a jpg header that lets you add extra crap that can be ignored by the viewers. Most common is the appending of an exe. Although JPG viewers will ignore it when they get to the end of the stream of compressed image data, so it's pretty pointless. Most will also tell you that the file is actually longer than it should be.

And if additional code is appended, not embedded, it can be removed by opening then saving the JPG file in a graphics program such as Paint Shop.

But this whole jpg thing is not new or amazing concept stuff. Try running a bot through a large binary news group. You will be amazed at the amount of "data" that has been added or stegnated into those pics. Some malware, some not.

Even Adobe Photoshop adds data to jpgs, texts such as File written by Adobe Photoshop, Creator: PolyView(R) Version 3.32 by Polybytes Blah, Blah, and other color management data.

Why is kinda puzzling, as viewers like Internet Explorer don't even use this extra data and just trash it when displaying the images.

In summary, it all comes down to if a computer is compromised or not.

If a system is trojanized or exploited any other way, in Perrun's case, the "extractor", *nothing* is actually really safe, executable or data files. Viral evilness can be stuffed in whatever file you want, with a ".txt", ".jpg" or ".harbynger" extension, as long as a hook up is made on the PC to the viewer's execution, then you can be carrying out infections.

It's like saying, running a basic kiddy trojan on someone's computer is the king of hacking.

There is some good info there... thanks, Ethen.


Last edited by butterfly_kisses : 16-06-02 at 07:34 AM.
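
The appended-data case described in the quoted post (bytes sitting after the end of the compressed image stream, plus the header comment segment), as an added example that is not part of the thread: a Python check that walks a JPEG's segments and reports comment payloads and anything after the end-of-image marker. The names `inspect_jpeg` and `SAMPLE` and the sample bytes are constructed for illustration.

```python
def _skip_scan(data: bytes, pos: int) -> int:
    """Return the offset of the first real marker after entropy-coded scan data."""
    while True:
        pos = data.find(b"\xff", pos)
        if pos < 0 or pos + 1 >= len(data):
            raise ValueError("truncated: no EOI marker")
        nxt = data[pos + 1]
        if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:  # stuffed 0xFF byte or restart marker
            pos += 2
        elif nxt == 0xFF:                        # fill byte
            pos += 1
        else:
            return pos


def inspect_jpeg(data: bytes) -> dict:
    """Walk the segments; report COM payloads and any bytes after EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    comments, pos = [], 2
    while True:
        if pos + 2 > len(data):
            raise ValueError("truncated: no EOI marker")
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                       # fill byte before a marker
            pos += 1
            continue
        if marker == 0xD9:                       # EOI: the image ends here
            pos += 2
            break
        length = int.from_bytes(data[pos + 2:pos + 4], "big")  # counts its own 2 bytes
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        if marker == 0xFE:                       # COM: free-form comment segment
            comments.append(data[pos + 4:pos + 2 + length])
        pos += 2 + length
        if marker == 0xDA:                       # SOS header is followed by scan data
            pos = _skip_scan(data, pos)
    trailing = data[pos:]
    return {"comments": comments, "image_end": pos,
            "trailing_len": len(trailing), "trailing_is_mz": trailing[:2] == b"MZ"}


# Constructed sample: structurally valid segments, not a decodable picture.
_com = b"constructed comment"
SAMPLE = (b"\xff\xd8\xff\xfe" + (len(_com) + 2).to_bytes(2, "big") + _com
          + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00\x12\xff\x00\x34\xff\xd9"
          + b"MZ\x90\x00constructed-appended-bytes")

if __name__ == "__main__":
    print(inspect_jpeg(SAMPLE))
```

Bytes after the end-of-image marker are not proof of anything malicious on their own, since some software stores extra data there; a hit is a reason to look at what the trailing bytes are.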
All times are GMT -6.