This JPEG has a virus. Is it dangerous?
October 6, 2014 10:15 AM

I've got a few JPEGs with viruses in them. What would need to happen for these to get executed and do stuff to my computer?

I'm migrating my stuff to a new Windows 7 computer, and was downloading some photos from Google Drive, and it flagged a few of them as containing a virus. MSE didn't find anything in the files, but I uploaded one to a virus scan site and was told it contained Trojan.Win32.Jpgiframe. Here's a link to the report.

I didn't know picture files could have viruses. This is not a foobar.jpeg.exe situation, so I don't understand what this virus is and how it could be executed. These are all wallpaper photos I downloaded from the internet. Can someone explain what this virus is, how dangerous it is, under what circumstances it could affect my computer, how to know whether it has, etc?
posted by straight to Technology (9 answers total) 4 users marked this as a favorite
There has been at least one major JPEG vulnerability in Windows, the JPEG of Death. It affected Windows XP and earlier, but it was patched in XP SP2. Here's the MS security note for it.

That was ten years ago though, and I'm not certain it ever became more than a proof-of-concept.
posted by bonehead at 10:35 AM on October 6, 2014

Best answer: Malware can be encoded into JPEGs via steganography - the ZeusVM banking trojan is a recent example.
posted by ryanshepard at 10:37 AM on October 6, 2014

Win32/FakeSysdef trojan.
posted by ryanshepard at 10:39 AM on October 6, 2014

Best answer: If you look at the report linked in the OP and click on the "Additional Information" tab, it looks like there's just some plaintext HTML stored in the image file. By my read, it's nothing malicious and seems to just be the content of a wallpaper image site.

straight, is it possible that you downloaded some of the images improperly, such that you downloaded the web page instead of the image?
posted by Nonsteroidal Anti-Inflammatory Drug at 11:02 AM on October 6, 2014

Response by poster: The images opened like images and functioned as wallpaper on my old machine, and they looked fine without any artifacts. I don't think that would be true if I'd downloaded the webpage the image was on.

I'm aware that any program can be contained steganographically inside an image, but what I'm asking is whether such a program (and particularly this one) could be executed maliciously, and if so, how.

ryanshepard, I guess you're saying that it's possible an existing virus/trojan might download an image like this from the web and execute a steganographically embedded program? In that case, the image files themselves would be harmless unless my computer runs that particular virus/trojan? (In which case, it would probably be getting them from the web anyway, rather than my hard drive.)
posted by straight at 1:23 PM on October 6, 2014

Response by poster: NAID, I saw that HTML, but wasn't confident it represents the entire non-picture content hidden in the JPEG.
posted by straight at 1:25 PM on October 6, 2014
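
Added example, not part of any post in this thread: a Python sketch of how to see where non-picture content such as the plaintext HTML mentioned above sits in a JPEG, by walking the segment markers and checking comment/APPn segments and anything after the end-of-image marker. The sample byte strings, the `example.invalid` URLs and the helper names `inspect_jpeg` and `seg` are constructed for illustration.

```python
import re

# Markup that has no business inside image metadata or after the image data.
HTML_HINT = re.compile(rb"<\s*(iframe|script|html|body|a\s+href)", re.I)
NOT_A_MARKER = {0x00, *range(0xD0, 0xD8)}  # byte stuffing and restart markers

def inspect_jpeg(data: bytes) -> dict:
    """Walk the JPEG segments; flag HTML in COM/APPn segments and after EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    found = {"html_segments": [], "trailing_bytes": 0, "trailing_html": False}
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
        elif marker == 0xD9:                    # EOI: the image ends here
            tail = data[pos + 2:]
            found["trailing_bytes"] = len(tail)
            found["trailing_html"] = bool(HTML_HINT.search(tail))
            return found
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:   # no length field
            pos += 2
        else:
            length = int.from_bytes(data[pos + 2:pos + 4], "big")
            payload = data[pos + 4:pos + 2 + length]
            is_meta = marker == 0xFE or 0xE0 <= marker <= 0xEF
            if is_meta and HTML_HINT.search(payload):
                found["html_segments"].append((hex(marker), pos))
            pos += 2 + length
            if marker == 0xDA:                  # SOS: skip entropy-coded data
                while pos + 1 < len(data) and not (
                        data[pos] == 0xFF and data[pos + 1] not in NOT_A_MARKER):
                    pos += 1
    raise ValueError("no EOI marker found (truncated file)")

def seg(marker: int, payload: bytes) -> bytes:
    """Build one length-prefixed segment for the constructed samples below."""
    return b"\xff" + bytes([marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

# Constructed samples: structurally valid marker streams, not viewable pictures.
SCAN = seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\xff\x00\x34\xff\xd0\x56\xff\xd9"
CLEAN = b"\xff\xd8" + seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00") + SCAN
COMMENTED = b"\xff\xd8" + seg(0xFE, b'<iframe src="http://example.invalid/"></iframe>') + SCAN
TAIL = b'<html><body><a href="http://example.invalid/">wallpapers</a></body></html>'
APPENDED = CLEAN + TAIL
```

To check a real file, pass `open(path, "rb").read()` to `inspect_jpeg`; a hit only shows that markup is present in the file, not that any program has acted on it.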

Best answer: In this specific case, I'm willing to bet that since it's wallpaper, the file got mistakenly false-positived by being bundled with some wallpaper manager spyware or being offered on a wallpaper site that also hosted drive-by malware downloads. Without a copy of the file in question, this is only a guess.

Speaking generally, the only way a JPEG file can cause problems on your system is if a program that reads JPEGs is written insecurely such that a specifically-crafted JPEG file can inject exploit code into the program. Typically, these sorts of exploits are very hard to do these days, since JPEGs are generally regarded as trusted files that browsers will display without prompting and browser/OS vendors have worked very hard to excise these sorts of exploits from their products. The wallpaper may or may not have exploit code in it, but if it does, and you didn't download it recently, the exploit it uses has likely been patched ages ago.
posted by Aleyn at 1:33 PM on October 6, 2014

That said, a poorly written wallpaper manager, image editor or photo manager may not have been given the same scrutiny, so if it was written to exploit one of those, then it could be used to exploit your system.
posted by Aleyn at 1:40 PM on October 6, 2014 [1 favorite]

Response by poster: Thanks, Aleyn. I use IrfanView, PhotoFiltre, and GIMP for viewing/editing photos and the Windows Control Panel for the occasional wallpaper change, all of which are high-profile enough I hope they'd be safe.

I'll probably delete the affected photos anyway, but it sounds like I don't need to be concerned that they've infected my new computer.
posted by straight at 2:00 PM on October 6, 2014
