Carl - while I'm also dubious that we'll see true JPG-only based viruses, it's never a good idea to underestimate the opponent when it comes to security or assume that just because it hasn't been done yet that it's impossible. Your comment about a "properly designed" JPG routine not being subject to gettting scrammed is accurate - but it assumes way more than you'd want to assume in this area. Properly designed email programs wouldn't have been subject to buffer overflow attacks either. Properly designed network software wouldn't have been subject to denial of service attacks. Properly designed web server software wouldn't be subject to the myriad different attacks that have been waged successfully against them. So you can't ever really count on "properly designed" software - just that when someone figures out a hack that it'll quickly get repaired. The McAfee report was a press release and some related articles that came out during the summer in different publications.