Picture This: A Virus in a JPEG
Sophos advises on threat posed by new JPEG virus, and urges anti-virus companies to exercise restraint
Sophos, a world leader in corporate anti-virus protection, today called for the anti-virus industry to act responsibly in light of the discovery of the first virus capable of infecting JPEG graphic files.
The virus, known as W32/Perrun-A, was sent directly to the anti-virus community by its author and is considered to be a “proof of concept”. It spreads in the form of a traditional Win32 executable virus (usually called proof.exe), making changes to the Registry to mean that JPEG (.JPG) graphic files are examined by an extractor (called EXTRK.EXE) before they can be viewed. If the extractor finds viral code inside the graphic file it is executed.
“Some anti-virus vendors may be tempted to predict the end of the world as we know it, or warn of an impending era when all graphic files should be treated with suspicion. Such experts should be ashamed of themselves,” said Graham Cluley, senior technology consultant for Sophos Anti-Virus. “Not only is this virus not in the wild, but also graphic files infected by this virus are completely and utterly harmless, unless they can find an already infected machine to assist them. It’s like a cold only being capable of making people who already have runny noses feel ill.”
“The virus relies entirely upon you running an infected EXE file, which is hardly rocket science,” continued Cluley. “Yet we are already seeing reports suggesting that this virus could spread via websites containing so-called ‘infectious’ images. This sounds like scare-mongering about image files to me.”
Sophos has issued protection against W32/Perrun-A to customers concerned by the media reports and alerts from other anti-virus vendors, and made it available on its website at: http://www.sophos.com/virusinfo/analyses/w32perruna.html