A new way to infect?

http://www.cnn.com/2002/TECH/internet/06/13/picture.virus.ap/index.html
Apparently someone has figured out how to infect jpg's, but there still an executable attached.

 

This is nothing other than an attempt by McAfee to boost sales through scaremongering.

From Wired (based on a McAfee press release):

Do malware authors *really* send their new creations to researchers? If so, why is it that definitions aren't updated to so as to deal with a particular virus until *after* that virus has appeared ITW?

Strange too that McAfee should refuse to identify the author. Could it be the case that this "virus" was developed in-house?

If Perrun is harmless, why did McAfee bother to update the definitions in order to remove it? Marketing?

From McAfee:

Hmmm. So to become infected by this "virus ", a user would need download both an "infected" JPEG and an "extractor ". This doesn't strike me as an effective method of distribtion. It would be *much* easier for a malware author to simply embed hostile code into the "extractor" thus negating the need for an infected JPEG. Why rely on a JPEG when the "extractor" itself could contain code which would wipe a HD and flash a BIOS?

Scaremongering!

I really do hope that McAfee gain no advantage whatsoever from such disgraceful marketing tactics!

 

Markp62, & brett,

I've wondered for a long time if maybe "all" AV companies arent just a little bit guilty of this very thing. Creating in house viruses then claiming that only their software can detect it, or that they are the only ones with a "fix." It would certainly be a good tactic for continuance of sales to the super paranoid PC users.

 

I doubt that any AV developer would intentionally release a destructive virus ITW. The risk of civil and/or criminal action would be too great.

This is, however, slightly different because the "virus" is harmless. Nonetheless, Perrun still constitutes a particularly insidious marketing ploy.

Inserting - or hiding - data in image files (or, for that matter, just about any other type of file - including MP3) is not a new concept. In fact, far from it! The process is called steganography (which is also a type of dinosaur ) and there are numerous steganogaphic applications, such as this freebie, available. However, to work, the process requires that the recipient has a "decoder" installed as, without this, the data will simply remain sitting (harmlessly and invisibly) in the JPEG file.

In other words: no "decoder" = no risk and if you can get the "decoder" installed onto a system then why not simply infect *that*. To do otherwise would be totally illogical, Captain

 

Maybe I wasn't too clear. I meant harmless, effectively annoying & with lots of hype about them, since refusing to name creator or source of virus.

It would be a good sales ploy, since most people would never think of the logic of infecting the decoder instead of the jpg. jpg's are something everyone uses, so therefore it would be a logical subject to use for such a sales boost ploy, with the majority of PC users, on the part of an AV company.

 

http://www.idg.net/ic_877855_1794_9-10000.html

 

I thought it was dubious for someone to send in a virus like that. Unless, it was someone just trying to point out the potential for this type of thing to happen in the future. MacAffee was definitely getting some attention to itself out of this, but end up only to prove that they will jump the gun.
I originally that this was some sort of hype. It reminded me so much of the boy who cried wolf is why I posted it in the first place and wanted to get some feedback on this to see if others had the same opinion on this.
For someone to create a new virus or modify existing viral source code would defeat the purpose of the evil intent.
Another thought on this, if someone was to code up a data file that can be self modified without an external application, what would be the point of selling software? Once someone has that file, they would essentially have the application to create what they please.