Antivirus thread - preventing trojans and keyloggers

Discussion in 'Networking and Security' started by Ken_DTU, Oct 6, 2002.

  1. The best form of protection against viruses is being prudent. I would claim opening a "chart.jpg..................exe" file is reckless and ignorant. A ".jpg.................exe" file is not what I meant by a ".jpg" file. A ".jpg.............exe" file is an ".exe" file.

    Carl
     
    #11     Oct 6, 2002
  2. This virus needs an executable to be installed on the machine in order for it to work. Even infected ".jpg" files will not do any damage if you are not infected with the extractor (see below). The ".jpg" file is raw data and is harmless. It only becomes dangerous when combined with the extractor. How do you avoid installing the extractor? Caution and control over what you download and run and control over which mail programs you run (i.e., don't use Outlook).

    http://vil.nai.com/vil/content/v_99522.htm

    Carl
     
    #12     Oct 6, 2002
  3. Lancer

    This product monitors registry changes, and a lot more. Works great.

    http://www.greatis.com/regrun3.htm
     
    #13     Oct 6, 2002
  4. Brandonf (Sponsor)

    This is a good idea for a thread. On Thursday I got a virus that required me to reformat my entire hard drive. It got its way into every file on my computer, so everything was lost. I can't remember the name of it, but it prevented all access to the internet, and when I tried to install any program (this would obviously include antivirus) the install would crash. So, as a result of being lazy and putting off installing Norton two weeks ago when I got the computer, I lost most of Friday.

    Brandon
     
    #14     Oct 6, 2002
  5. MrDinky

    I agree with Carl that it'd be difficult, if not impossible, to make a .jpg into a virus, considering your own computer determines that it's a .jpg and runs a viewer program. Nothing is being executed except the viewer, so I don't see how it could infect your system. Perhaps if the .jpg is loaded through MSIE and somehow contains code... I've never seen anything like this happen, though, so I'd have to see an article by someone with more knowledge on the subject.

    One thing I've noticed is I've been getting a lot of email spam in my Hotmail account containing files about 126K in size. The times I've mistakenly opened the mail, there's nothing in it. Hotmail doesn't say there's an attachment or that there was a virus-infected file that was deleted. Does anyone know anything about this?

     
    #15     Oct 6, 2002
  6. tntneo (Moderator)

    If the default JPEG viewer has been changed to a malicious program, then you are in danger.
     
    #16     Oct 6, 2002
  7. Ken_DTU

    - I used the anti-trojan.net program for the first time; it identified a .jpg as having a trojan backdoor. I deleted the file; can't recall the exact name of the trojan it found.

    (Do a Google search with the words "trojan" and "jpg" and see all the references! Here's one that looks like it was written by a hacker, for example (also see Symantec and other sites for more):
    http://www.megasecurity.org/Info/exe_to_jpg.html )

    - The PestPatrol program found a trojan in addition to the (unimportant) ad cookies it found; agree the antivirus programs should be more inclusive and check for trojans.

    Good idea re reformatting/redoing the drive if there are any problems. The Roxio GoBack program will save various "states" of the PC, e.g. it will save your PC's state in a 4 GB file, but that doesn't protect you if the .bin file it saves to is somehow corrupted too.

    Agree, getting a lot of PITA (pain in the a--) 126K-filesize emails with viruses.

    What's troublesome is all the new viruses that disable antivirus programs and firewalls. It would be nice if the software companies who created those would automatically add CRC checking and/or vary the filenames somehow to control for that.

    - Remote access terminal / RAT trojans with keyloggers are the major concern.

    * Recommendations for a good hardware firewall? Sounds like a good added layer of protection.

    * Excellent idea, easyrider and others, re having a PC without much on it.

    In fact, thanks to you guys, that's what my solution will be, using two PCs:

    HARDWARE SOLUTION TO VIRUS/TROJAN PROTECTION:

    MAIN "DATA" PC: No web surfing or downloads on it directly; I use this solely for web design and keeping passwords and sensitive data on. Also used for password-sensitive online transactions (online banking, accessing broker software, getting the eSignal datafeed, uploading to manage websites, etc.) ONLY; no other downloading/receiving emails/browsing etc. allowed on this one.
    High-security terminal with very limited online behaviors allowed.

    "TERMINAL" PC: Second PC used for surfing the 'net, downloading files, anything that can conceivably lead to being infected with a virus. This PC has virtually nothing of importance on it besides the browser and LAN card for cable modem access. It will be used to test out software downloads, receive/answer emails, anything that could be risky. Using the latest firewall/antivirus/anti-trojan programs, plus a hardware firewall.

    SOFTWARE/DATA TRANSFER PROCESS:

    If I find a new piece of software I have to have (reminding myself to limit this; I used to like trying out anything that looked interesting at download.com etc.), or updates etc., have a quarantine process:

    a) Download/test it on the 'terminal PC' first for a while; make sure no viruses/suspicious behavior starts. Give it a week or more.

    b) If it looks fine, then burn the original download file to a CD-ROM and load it onto the 2nd PC.

    Does that sound OK? What am I overlooking? Any other ideas? It may be simpler to have internet and non-internet PCs, or internet with risky behaviors (receiving emails, downloading software) and internet without risky behaviors allowed.

    Thinking this through, it's apparent things like receiving emails should be done on a non-important PC, given the daily virus attacks we all get. You can count on the hackers to come up with something before NAV can come up with a patch, and bang, that's it: infected. So this seems like a prudent course of action.

    Any other ideas? I think this parallel "terminal PC" and "data PC" idea is probably good, though a pain to keep up two PCs; at least if a bug zaps the terminal PC, no biggie. And this one, hmm, another idea: it will be a kiosk-type reverted PC using Roxio, so it resets the PC's "state" automatically at the end of each day; store data on CD-ROMs.

    Thanks guys, good feedback. Let's get some continuing teamwork on this; I'll update too with what I'm finding. Let's post and keep it active; it's a common threat we can all agree is important to deal with.

    Ken
     
    #17     Oct 6, 2002
  8. Carl - the point McAfee was making about JPG infection is that the current scenario requires the machine to already be infected by Perrun; however, most viewers use a common JPG decompression routine, and their belief is that it is possible to configure a JPG file that would scram the routine, possibly causing the computer to end up executing binary instructions of a virus in the JPG.

    Who knows how practical it is, but there have been other virus attacks on email programs based on buffer overflows, for instance, that cause the email program to end up executing binary instructions contained in the email. These overflow traps should be fixed by current security patches on most operating systems, but it's not beyond belief that someone might eventually figure out a way of scramming the JPG viewer (such as the one built into most browsers) in some way.
     
    #18     Oct 7, 2002
  9. Interesting, but I have a hard time believing that a properly designed .jpg viewer would execute binary instructions because of the data inside a .jpg file. At worst it would get fooled into reading bytes that are beyond the limits of the .jpg file (and this in and of itself would not result in any harm to the system). I contend that the only way a .jpg viewer is going to propagate a virus is if the .jpg viewer contains the virus itself. This is similar to the Perrun virus, where it inserts a reference to a virus program to run whenever a .jpg file is opened. The virus is not inside the .jpg data itself.

    As for somebody finding a way to scram the .jpg viewer by feeding it "virus-infected" .jpg files, I suspect that if this were possible, it would have been one of the first security holes that hackers would have tried to get through. In other words, we should have heard the horror stories associated with this kind of attack already (just like the e-mail buffer overflow attacks you mentioned). Because of this, I suspect it is not possible.

    By the way, when you say "their belief" - are you talking about McAfee? Do you have a link where they say they think this is possible?

    Sceptical but curious,
    Carl
     
    #19     Oct 7, 2002
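Posts 8 and 9 above disagree on whether a crafted JPG can make a viewer execute code. The program below is an added example, not code from the thread or from any of its posters: a minimal walker over JPEG (JFIF) marker segments that isolates the one arithmetic step a decoder gets wrong when it trusts the length field, shown beside the checked form. The marker values and the rule that a segment length counts its own two bytes come from the JFIF format; the three byte strings are constructed for this example and are not real image files. For context beyond this 2002 thread: MS04-028 (CVE-2004-0200) in Windows GDI+ two years later was this exact bug, a COM segment length of 0 or 1 that made len - 2 wrap to a huge copy size.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Outcome of walking the marker segments that precede the image data. */
struct jpeg_walk {
    int segments;           /* segments whose length passed validation */
    int rejected;           /* set when a segment length was refused */
    size_t bad_offset;      /* offset of the refused segment's 0xFF marker byte */
    size_t unchecked_len;   /* payload size a naive decoder would have used */
};

/* Every JFIF segment length counts its own two length bytes, so the payload
   is len - 2. This is the naive version: for len = 0 or 1 the unsigned
   subtraction wraps to a huge value, which a decoder then feeds to memcpy
   (the arithmetic behind MS04-028). It only computes; it never copies. */
static size_t payload_len_unchecked(uint16_t len) {
    return (size_t)len - 2;
}

/* Hardened version: refuse len < 2 and any payload longer than what is
   actually left in the buffer. Returns 0 on success, -1 on a bad length. */
static int payload_len_checked(uint16_t len, size_t remaining, size_t *payload) {
    if (len < 2)
        return -1;
    if ((size_t)len - 2 > remaining)
        return -1;
    *payload = (size_t)len - 2;
    return 0;
}

/* Walk from SOI over APPn/COM/DQT/... segments until SOS or EOI.
   Returns 0 if every length was sane, -1 otherwise (details in *r). */
int jpeg_walk(const uint8_t *buf, size_t n, struct jpeg_walk *r) {
    memset(r, 0, sizeof *r);
    if (n < 2 || buf[0] != 0xFF || buf[1] != 0xD8)   /* SOI marker */
        return -1;
    size_t off = 2;
    while (off + 2 <= n && buf[off] == 0xFF) {
        uint8_t marker = buf[off + 1];
        if (marker == 0xD9 || marker == 0xDA)     /* EOI or SOS: header done */
            return 0;
        if (off + 4 > n)                          /* truncated length field */
            break;
        uint16_t len = (uint16_t)((buf[off + 2] << 8) | buf[off + 3]);
        size_t remaining = n - (off + 4);         /* bytes after the length field */
        size_t payload;
        if (payload_len_checked(len, remaining, &payload) != 0) {
            r->rejected = 1;
            r->bad_offset = off;
            r->unchecked_len = payload_len_unchecked(len);
            return -1;
        }
        r->segments++;
        off += 4 + payload;                       /* marker + length + payload */
    }
    return -1;                                    /* ran out of bytes before SOS/EOI */
}

/* Constructed samples (not real files): a well-formed JFIF header with a
   5-byte comment, a hostile one whose COM length is 1, and one whose COM
   length claims far more bytes than the file holds. */
const uint8_t BENIGN_JPEG[] = {
    0xFF, 0xD8,                                       /* SOI */
    0xFF, 0xE0, 0x00, 0x10, 'J', 'F', 'I', 'F', 0,    /* APP0, len 16 */
    0x01, 0x01, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00,
    0xFF, 0xFE, 0x00, 0x07, 'h', 'e', 'l', 'l', 'o',  /* COM, len 7 */
    0xFF, 0xD9                                        /* EOI */
};
const uint8_t UNDERFLOW_JPEG[] = {
    0xFF, 0xD8,
    0xFF, 0xFE, 0x00, 0x01,          /* COM with len = 1: "len - 2" wraps */
    'x', 'x', 'x', 'x',
    0xFF, 0xD9
};
const uint8_t OVERRUN_JPEG[] = {
    0xFF, 0xD8,
    0xFF, 0xFE, 0x04, 0x00,          /* COM claims 1022 payload bytes; 4 are present */
    'x', 'x', 'x', 'x',
    0xFF, 0xD9
};

static void report(const char *name, const uint8_t *buf, size_t n) {
    struct jpeg_walk r;
    if (jpeg_walk(buf, n, &r) == 0)
        printf("%s: ok, %d header segments\n", name, r.segments);
    else if (r.rejected)
        printf("%s: refused segment at offset %zu (naive decoder would copy %zu bytes)\n",
               name, r.bad_offset, r.unchecked_len);
    else
        printf("%s: truncated or not a JPEG\n", name);
}

int main(void) {
    report("benign", BENIGN_JPEG, sizeof BENIGN_JPEG);
    report("underflow", UNDERFLOW_JPEG, sizeof UNDERFLOW_JPEG);
    report("overrun", OVERRUN_JPEG, sizeof OVERRUN_JPEG);
    return 0;
}
```

The unchecked function never copies anything here; it only reports the size a naive decoder would have handed to memcpy. In a real decoder that size drives a heap copy, which is how "reading bytes beyond the limits of the .jpg" in post 9 turns into a write past the end of a buffer, and from there into the attacker's instructions running. Every length in a container format has to be validated against the bytes actually remaining before it is used for anything.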
  10. OK, a virus does not come in a true JPG file. The file looked like a JPG but had to have an extension after the JPG.

    Example:

    thisisatrojan.jpg.exe

    thisisnotatrojan.jpg
     
    #20     Oct 7, 2002
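Post 1 (Carl's "chart.jpg..................exe") and post 10 both describe the same trick: the extension a user reads is not the one Windows acts on. The program below is an added example, not code from the thread or from any of its posters: a filename classifier that finds the extension the shell will actually use and flags a decoy image extension or a run of padding dots in front of it. The two extension lists are an assumption of this example (a subset of what the Windows shell executes and of common image types); the sample names are the ones the thread gives plus two constructed ones.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum name_class { NAME_DATA = 0, NAME_EXECUTABLE = 1, NAME_DECEPTIVE = 2 };

/* Extensions the Windows shell hands to a loader or script host when
   double-clicked (a subset; the list itself is an assumption of this example). */
static const char *const EXEC_EXT[] = { "exe", "com", "scr", "pif", "bat", "cmd", "vbs", "js", NULL };
/* Extensions a user reads as "just a picture". */
static const char *const IMAGE_EXT[] = { "jpg", "jpeg", "gif", "bmp", "png", NULL };

/* ASCII case-insensitive equality, so "JPG" and "jpg" are the same extension. */
static int ieq(const char *a, const char *b) {
    for (; *a && *b; a++, b++) {
        int ca = (*a >= 'A' && *a <= 'Z') ? *a + 32 : *a;
        int cb = (*b >= 'A' && *b <= 'Z') ? *b + 32 : *b;
        if (ca != cb)
            return 0;
    }
    return *a == *b;
}

static int in_list(const char *ext, const char *const *list) {
    for (; *list; list++)
        if (ieq(ext, *list))
            return 1;
    return 0;
}

/* The extension Windows actually acts on: whatever follows the LAST dot. */
const char *real_extension(const char *name) {
    const char *dot = strrchr(name, '.');
    return dot ? dot + 1 : "";
}

/* Classify a filename by what double-clicking it would do, and flag the
   ".jpg.....exe" trick: an executable extension preceded by a decoy image
   extension or by a run of dots/spaces that pushes the real one out of view. */
enum name_class classify_name(const char *name) {
    const char *last = strrchr(name, '.');
    if (!last || !in_list(last + 1, EXEC_EXT))
        return NAME_DATA;                    /* opened by a viewer, not run */

    char seg[32];                            /* current dot-separated segment */
    size_t n = 0, run = 0, maxrun = 0;
    int decoy = 0;
    for (const char *p = name; p < last; p++) {
        if (*p == '.' || *p == ' ') {
            if (n) {
                seg[n] = '\0';
                if (in_list(seg, IMAGE_EXT))
                    decoy = 1;
                n = 0;
            }
            if (++run > maxrun)
                maxrun = run;
        } else {
            run = 0;
            if (n + 1 < sizeof seg)
                seg[n++] = *p;
        }
    }
    if (n) {                                 /* segment right before the last dot */
        seg[n] = '\0';
        if (in_list(seg, IMAGE_EXT))
            decoy = 1;
    }
    return (decoy || maxrun >= 2) ? NAME_DECEPTIVE : NAME_EXECUTABLE;
}

int main(void) {
    /* Constructed samples; the first three are the names the thread gives. */
    static const char *const samples[] = {
        "chart.jpg..................exe", "thisisatrojan.jpg.exe",
        "thisisnotatrojan.jpg", "setup.exe", "photo.JPG .scr"
    };
    static const char *const label[] = { "data file", "executable", "DECEPTIVE executable" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-32s real extension \"%s\" -> %s\n",
               samples[i], real_extension(samples[i]), label[classify_name(samples[i])]);
    return 0;
}
```

The check keys on the last dot because that is the extension the shell acts on; with "Hide extensions for known file types" enabled (the Windows default at the time), "thisisatrojan.jpg.exe" is displayed as "thisisatrojan.jpg", which is the whole point of the trick. It is a name heuristic only: a mail gateway should also look at the content, since an "MZ" header marks a Windows executable whatever the name says.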