Users question McAfee JPEG virus alert


Users question McAfee JPEG virus alert

Users and antivirus vendors are questioning the seriousness of a virus announced earlier this month by McAfee Security.

On 13 June, McAfee issued a press release about the W32/Perrun virus which is the first virus to infect JPEG image files, McAfee said.

Perrun, which McAfee received from its author, uses an executable file to infect image files and then tries to spread the infection to other image files in the same directory, according to McAfee. The virus requires the presence of the executable and cannot work without it, McAfee said.

The discovery of the virus could lead to the rearchitecting of antivirus programs, as well as possible mutations that could see the virus executable embedded in image files and on the Web, said Vincent Gullotto, senior director for McAfee Anti-Virus Emergency Response Team (AVERT), at the time.

Since McAfee's announcement, users on Web pages and e-mail lists have disputed Gullotto's statement that executable files could be embedded in JPEGs.

"Viruses are more than just pieces of self-replicating code, they need to be delivered in such a way that causes them to be executed," wrote Kevin Austin, assistant professor of Computer Science at Fitchburg State University.

"JPEG files are never executed. They are instead opened as data files by application programs," he wrote. Applications do not look for executable code in data files and therefore, would not run it, he said.

Images that contained executable code would either appear damaged or would not open at all when double-clicked, wrote David Stidolph, a programmer and consultant.

"Images may or may not appear 'damaged', but in no case will any of the picture code be executed, so you could never replicate a virus this way," he wrote.

Sophos, an antivirus firm that competes with McAfee, issued a press release at the time discounting the seriousness of the virus.

Sophos had the virus in its labs two days before McAfee announced its existence, but chose not to say anything because the virus was "really just a proof-of-concept... a real nonevent", said Chris Wraight, technology consultant at Sophos.

However, Gullotto has not backed down from McAfee's original warning. McAfee "still [stands] behind what we said", he insisted.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy