New computer virus can infect picture files

Discussion in 'malware problems & news' started by discogail, Jun 13, 2002.

Thread Status:
Not open for further replies.
  1. discogail

    discogail Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    151
    "The virus, dubbed Perrun, is not currently infecting computers but worries anti-virus experts...''Potentially, no file type could be safe...''....... because it is the first to cross from program infection into data files, long considered safe from malicious data."


    The article
     
  2. FanJ

    FanJ Guest

    W32/Perrun-A

    Name: W32/Perrun-A
    Type: Win32 worm
    Date: 13 June 2002


    At the time of writing Sophos has received no reports from users
    affected by this worm. However, we have issued this advisory
    following enquiries to our support department from customers.

    Description:

    W32/Perrun-A is a Win 32 executable normally with the name
    proof.exe. When proof.exe is run it drops another executable,
    extrk.exe. It also modifies the registry such that when a user
    double clicks on an .JPG file it runs the extrk.exe instead of
    the originally associated picture viewer.

    The registry entry modified is:

    HKLM\Software\CLASSES\jpegfile\shell\open\command

    When the user double clicks on a .JPG file, extrk.exe is run and
    attempts to download the following files:

    sasearch/balloon.xs1
    sasearch/lclsrh.xml
    sasearch/lclAdv.xml
    sasearch/lclprog.xml
    sasearch/lclrfine.xml

    from the following sites.

    ie.search.msn.com
    sa.windows.com
    se.windows.com

    It then launches the Windows Picture and Fax Viewer to display
    the picture. This is the default viewer under Windows XP.


    Read the analysis at
    http://www.sophos.com/virusinfo/analyses/w32perruna.html
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    "First JPEG virus not a threat"

    http://www.theregus.com/content/56/25238.html
     
  4. wizard

    wizard Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    818
    Location:
    Europe - Germany - Duesseldorf
    Nothing really new. Just pure media hype to scare the people. IMHO this is no real threat and concern for the users.

    wizard
     
  5. Marianna

    Marianna Spyware Fighter

    Joined:
    Apr 23, 2002
    Posts:
    1,215
    Location:
    B.C. Canada
    The sleaze has gotten out of hand; it's time to roast a group of 20 or so companies whose profits are directly linked to creating fear in their customers, who have to keep discovering new sources of fear to improve their bottom line - or in the absence of new discoveries, keep inventing new sources of fear. Yes, it's time to take on the anti-virus software vendors

    http://features.slashdot.org/features/02/06/14/1343223.shtml?tid=166



    14 June 2002

    Picture this: a virus in a JPEG
    Sophos advises on threat posed by new .JPG virus, and urges anti-virus companies to exercise restraint
    Sophos, a world leader in corporate anti-virus protection, today called for the anti-virus industry to act responsibly in light of the discovery of the first virus capable of infecting JPEG graphic files.

    http://www.sophos.com/virusinfo/articles/perrun.html
     
  6. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Here's another benefit of assembler programming - not one single person who understands machine code would be fooled by this nonsense.
     
Loading...
Thread Status:
Not open for further replies.