    Wash Post: New Virus Can Infect Picture Files

    By D. Ian Hopper
    AP Technology Writer
    Friday, June 14, 2002; 2:43 PM

    WASHINGTON - A new virus threatens to strike one of the Internet's most common and useful activities: sharing family photos.

    The malicious program is the first ever to infect picture files, though it is not currently attacking computers. Called "Perrun," it worries researchers because it is the first to be able to cross from infecting a program to infecting data files, long considered safe from such threats.

    "Our concern is more for what might be coming," said Vincent Gullotto, head antivirus researcher at McAfee Security, which produces top-selling antivirus software. "Potentially no file type could be safe."

    As with any computer threat, the best way to protect a computer is to have updated antivirus software.

    McAfee researchers received the virus from its creator. Virus writers typically send their new work to researchers as well as fellow virus writers as a way of bragging about their skills. Gullotto declined to identify the author. McAfee antivirus software can detect and remove Perrun.

    Perrun is known as a proof-of-concept virus, and does not cause damage. But Gullotto said he fears other virus writers may use Perrun as a template to create a more destructive version.

    Until now, viruses infected program files, that is, files that can be run on their own. Data files, like movies, music, text and pictures, were safe from infection. While earlier viruses deleted or modified data files, Perrun is the first to infect them.

    Perrun inserts portions of the virus code into the picture file. When the picture is viewed, it can infect other pictures. If the author wished, the virus could delete files on the computer or perform other mischief.

    The virus still needs modifications to become dangerous, because it arrives as a program file that can be attached to an e-mail. Security experts always warn against opening programs sent as e-mail attachments.

    Once run, the file installs a program onto the victim's hard drive that can infect pictures. When a computer user clicks on a picture file with the extension .JPG, a common picture file found on the Web, the picture is infected before it appears. Because the picture displays normally, Gullotto said, the victim may not know there's anything wrong.

    The normal display of the picture may give this new family of viruses a leg up on its predecessors. Two viruses that hit computers last year promised to show pictures of tennis star Anna Kournikova and a "Naked Wife." Even though they failed to show the photos, they infected millions of computers and clogged up e-mail systems worldwide.

    Other viruses, such as variants of the infamous LoveLetter program or SirCam, destroyed picture files or sent them and other files to random recipients.

    In its current form, an infected JPG file cannot infect another computer on its own. But Gullotto said there's no reason a virus writer couldn't make the picture itself able to infect other computers.

    That evolution should make computer users think twice about sending pictures or any other media over the Internet, Gullotto said.

    More detailed info can be found with this link: W32/Perrun

    Virus Characteristics:

    This appending virus is the first reported JPEG infector. It is multi-component in nature, requiring an extractor file to extract (and execute) the virus body from infected JPEG files.

    Infected JPEGs are unable to replicate on non-infected machines, i.e., machines without the extractor component installed (hooked in the Registry).

    McAfee products running the 4185 DATs (or greater) with program heuristics enabled detect both the virus body (11,780-byte PE) and its extractor component as virus or variant W32/Alcop@MM.

    This virus is a proof of concept and it has not been seen in the wild.

    The author of this virus has released a second variant that targets text files with the filename extension .TXT.

    The method of operation of this second .b variant is almost identical to the original W32/Perrun virus, with only minor differences in the filenames used.

    Again, this second variant is detected by McAfee products running the 4185 DATs (or greater) with program heuristics enabled, as virus or variant W32/Alcop@MM.


    Method Of Infection:

    The virus arrives in the form of an 11,780-byte PE file. When run on the victim machine, the 5,636-byte extractor component (EXTRK.EXE) is dropped (to the current directory). Both files are written in Visual Basic 6 and packed with UPX. The following Registry key is modified so that JPEG file execution is hooked:

    "(Default)" = (current directory)\EXTRK.EXE %1

    Subsequently, when JPEG files are executed, the extractor component checks if the file is infected. If so, the virus body is extracted and executed. Only JPEGs in the current directory are infected, and only one file is infected per cycle. The extractor then attempts to display the JPEG using a system DLL.

    The .b variant uses the filename TEXTRK.EXE for the extractor component and the registry key modified is:

    "(Default)" = (current directory)\EXTRK.EXE %1
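    The appending behaviour described above (virus body stored after the end of the JPEG stream, so the image still renders while the bytes wait for the extractor) is something a defender can check for directly. The Python below is an added example, not code from the article or from McAfee: it walks the JPEG marker structure to find the real End-Of-Image marker and reports any bytes appended after it. The sample image is constructed, not a real or infected file.

```python
import struct
EOI, SOS, RST = 0xD9, 0xDA, set(range(0xD0, 0xD8))
STANDALONE = {0x01, 0xD8} | RST  # TEM, SOI, RST0-7: markers with no length field

def find_eoi_offset(data: bytes) -> int:
    """Offset just past the EOI marker; ValueError if the stream is malformed."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:  # fill byte before a marker
            pos += 1
            continue
        if marker == EOI:
            return pos + 2
        if marker in STANDALONE:
            pos += 2
            continue
        (seg_len,) = struct.unpack(">H", data[pos + 2:pos + 4])
        pos += 2 + seg_len
        if marker == SOS:
            # Entropy-coded data: 0xFF appears only as stuffed 0xFF00 or an
            # RSTn marker; any other marker ends the scan.
            while pos + 1 < len(data):
                if data[pos] == 0xFF and data[pos + 1] != 0 and data[pos + 1] not in RST:
                    break
                pos += 1
    raise ValueError("no EOI marker found")

def trailing_data(data: bytes) -> bytes:
    """Bytes after EOI; a clean JPEG returns b''. Perrun-style payloads live here."""
    return data[find_eoi_offset(data):]

def classify(data: bytes) -> str:
    tail = trailing_data(data)
    if not tail:
        return "clean"
    kind = "PE/MZ header" if tail[:2] == b"MZ" else "unknown data"
    return f"suspicious: {len(tail)} bytes appended after EOI ({kind})"

# Constructed sample JPEG (not a real image): SOI, APP0/JFIF, SOS with a short
# scan holding a stuffed 0xFF00 and an RST0 marker, then EOI.
CLEAN_JPEG = (b"\xff\xd8"
    + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    + b"\x12\x34\xff\x00\x56\xff\xd0\x78" + b"\xff\xd9")
INFECTED_JPEG = CLEAN_JPEG + b"MZ" + b"\x90" * 30  # constructed stand-in for an appended body
```

    Trailing bytes are not proof of infection (some cameras and editors append metadata), but a trailer that starts with an MZ header, combined with a changed .JPG file-association handler as described above, is worth investigating.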

    Looks like they found a way to stop me from downloading porn, bastards!
    "is this a good show tonight, or fuckin' what?" - DLR, Montreal, 11/10/07

    Toronto 10/7...Cleveland 10/10...Toronto 10/12...Montreal 11/10