New computer virus can infect picture files

"The virus, dubbed Perrun, is not currently infecting computers but worries anti-virus experts...''Potentially, no file type could be safe...''....... because it is the first to cross from program infection into data files, long considered safe from malicious data."


The article

 

W32/Perrun-A

Name: W32/Perrun-A
Type: Win32 worm
Date: 13 June 2002


At the time of writing Sophos has received no reports from users
affected by this worm. However, we have issued this advisory
following enquiries to our support department from customers.

Description:

W32/Perrun-A is a Win 32 executable normally with the name
proof.exe. When proof.exe is run it drops another executable,
extrk.exe. It also modifies the registry such that when a user
double clicks on an .JPG file it runs the extrk.exe instead of
the originally associated picture viewer.

The registry entry modified is:

HKLM\Software\CLASSES\jpegfile\shell\open\command

When the user double clicks on a .JPG file, extrk.exe is run and
attempts to download the following files:

sasearch/balloon.xs1
sasearch/lclsrh.xml
sasearch/lclAdv.xml
sasearch/lclprog.xml
sasearch/lclrfine.xml

from the following sites.

ie.search.msn.com
sa.windows.com
se.windows.com

It then launches the Windows Picture and Fax Viewer to display
the picture. This is the default viewer under Windows XP.


Read the analysis at
http://www.sophos.com/virusinfo/analyses/w32perruna.html

 

"First JPEG virus not a threat"

http://www.theregus.com/content/56/25238.html

 

Nothing really new. Just pure media hype to scare the people. IMHO this is no real threat and concern for the users.

wizard

 

The sleaze has gotten out of hand; it's time to roast a group of 20 or so companies whose profits are directly linked to creating fear in their customers, who have to keep discovering new sources of fear to improve their bottom line - or in the absence of new discoveries, keep inventing new sources of fear. Yes, it's time to take on the anti-virus software vendors

http://features.slashdot.org/features/02/06/14/1343223.shtml?tid=166



14 June 2002

Picture this: a virus in a JPEG
Sophos advises on threat posed by new .JPG virus, and urges anti-virus companies to exercise restraint
Sophos, a world leader in corporate anti-virus protection, today called for the anti-virus industry to act responsibly in light of the discovery of the first virus capable of infecting JPEG graphic files.

http://www.sophos.com/virusinfo/articles/perrun.html

 

Here's another benefit of assembler programming - not one single person who understands machine code would be fooled by this nonsense.