Out of the Blue

Gosh I remember the days when viruses on the Internet were so uncommon you would actually write back to someone if they sent you one to find out if it was intentional, or to let them know they had a problem. Nowadays, of course, they come flooding in at such a rate it's impossible to do that, even if they did have the proper sender's address (which almost none of them do anymore). Well if things are wild with all this now, I just can't imagine what will happen if the virus mentioned in a Wired article called New Virus Infects Picture Files (thanks [MP] Wolverine [MP]) proliferates.

Link of the Day: Bob Reno's BadJocks.com. Thanks BabyJesus.
Story of the Day: U.S. spy imagery viewed by civilians. Thanks dbodine and Frottage, who adds: "This all could have been prevented had they had used spam encryption."
Weird Science: Tuning in to a deep sea monster. Thanks Bryce Baker.
Wild Science: Extrasolar Planets. "Newfound planetary system has 'hometown' look." Thanks SurlyBitch.
Auction of the Day: Porsche Boxster. Thanks Chris Johnson. So is there more plastic molding on the car, or the presenter?

View : : :
22 Replies. 2 pages. Viewing page 1.
Newer [  1  2  ] Older
22.
 
Re: Speaking of viruses...
Jun 15, 2002, 09:32
anon@194.82
22.
Re: Speaking of viruses... Jun 15, 2002, 09:32
Jun 15, 2002, 09:32
anon@194.82
 
It's Klez. I can't be arsed giving all the details now, so look it up at Symantec.
21.
 
Re: Speaking of viruses...
Jun 14, 2002, 16:14
anon@62.254
21.
Re: Speaking of viruses... Jun 14, 2002, 16:14
Jun 14, 2002, 16:14
anon@62.254
 
Yes, they don't seem to do anything but I can't really work them out as I can't see who they are coming from or anything like that.

Mostly I just ban and delete from the list, but I keep getting them and I would like to know if this is just normal random viruses or someone with a grudge...
20.
 
Re: Speaking of viruses...
Jun 14, 2002, 15:50
20.
Re: Speaking of viruses... Jun 14, 2002, 15:50
Jun 14, 2002, 15:50
 
--- Quoted ---
Also, any ideas about the 150k emails I get that take me to a page not found with a load of trash in the header? Seems like an outlook script virus/possibly java or similar as there is no attachment.
--- End Quote ---

Sounds to me like someone hoping to take advantage of a known buffer overflow (or some similar) vulnerability in a particular web browsing software. There have been published instances where formatting a URL in a certain way can allow a hacker to execute thier own program code on your computer.

If you keep your browsing software up-to-date, you can minimize your vulnerability to this type of attack.

=©=
---
Chris.
19.
 
Re: No subject
Jun 14, 2002, 15:26
19.
Re: No subject Jun 14, 2002, 15:26
Jun 14, 2002, 15:26
 
It's a virus that merely watches .jpg and executes code that it finds in there. Now this .jpg code can do anything rather than one specific thing like most viruses did in the past. Someone can send out .jpg code that deletes files, and someone else can send out .jpg code that sends reg info somewhere..

This kind of virus is nothing new. For example, there are tons of virii(sp?) out there that allow other people unlimited access to the infected computer. The only "new" thing about this JPEG virus would be that the instructions on what to do are transmitted using JPEG files instead of, say, a TCP connection.
Actually, I'd classify this as a low-threat virus, since the chances that someone has both an infected system and then views a JPEG with embedded instructions are pretty small. Certainly much lower than a virus that doesn't have to be "activated" by a JPEG file.

Fully automatic backups with Ocster Backup Pro 3
http://www.ocster.com
18.
 
Re: Speaking of viruses...
Jun 14, 2002, 14:56
anon@24.162
18.
Re: Speaking of viruses... Jun 14, 2002, 14:56
Jun 14, 2002, 14:56
anon@24.162
 
Also, any ideas about the 150k emails I get that take me to a page

Possibly Klez virus.
17.
 
Re: Lossy?
Jun 14, 2002, 14:51
Xil
 
17.
Re: Lossy? Jun 14, 2002, 14:51
Jun 14, 2002, 14:51
 Xil
 
that is a good one.... what if you re-save the jpg, where does it go then ?

or what about a not so well coded jpeg viewer that keeps reading till the end of the file and not end of the picture, that should kinda show it ... ?

Avatar 12935
16.
 
Re: Speaking of viruses...
Jun 14, 2002, 14:11
16.
Re: Speaking of viruses... Jun 14, 2002, 14:11
Jun 14, 2002, 14:11
 
I get the same thing in both Yahoo and Excite mail.

15.
 
Lossy?
Jun 14, 2002, 13:47
anon@198.144
15.
Lossy? Jun 14, 2002, 13:47
Jun 14, 2002, 13:47
anon@198.144
 
Since JPGs are a lossy format, I wonder if re-saving an infected JPG will cause mutations
14.
 
Re: No subject
Jun 14, 2002, 12:41
14.
Re: No subject Jun 14, 2002, 12:41
Jun 14, 2002, 12:41
 
Sound like either BS or a buffer-overrun exploit, but they tend to be extremely app-specific, and lots of stuff open jpgs.

Absolutely classic hoax material of the type my wife gets sent constantly (she's a published author with a wide group of online-but-not-very-comp-savy emailers)

FocalPoint, a ve refugee who probably won't go back at this point.

13.
 
No subject
Jun 14, 2002, 10:54
anon@212.76
13.
No subject Jun 14, 2002, 10:54
Jun 14, 2002, 10:54
anon@212.76
 
Actually, it's not that the virus is fake as much as it's being misinterpreted by the "media". This does seem to be a unique virus in that it's data-driven. I'm not sure how data-driven viruses were in the past. It's a virus that merely watches .jpg and executes code that it finds in there. Now this .jpg code can do anything rather than one specific thing like most viruses did in the past. Someone can send out .jpg code that deletes files, and someone else can send out .jpg code that sends reg info somewhere.. etc.. for example. The people that write the virus code (which could be anyone - not just the author of the watcher program) embedded in the .jpg just need to follow the spec that the watcher program looks for. Whether or not this is any more or less malicious than other viruses remains to be seen, but it is certainly wayyyy more flexible in what it can do. And like someone else said, you may have dormant viruses in .jpg files on your computer that suddenly become activated when you get the ".jpg watcher" virus and next view these pictures.
12.
 
Speaking of viruses...
Jun 14, 2002, 10:42
anon@62.254
12.
Speaking of viruses... Jun 14, 2002, 10:42
Jun 14, 2002, 10:42
anon@62.254
 
Also, any ideas about the 150k emails I get that take me to a page not found with a load of trash in the header? Seems like an outlook script virus/possibly java or similar as there is no attachment.
11.
 
Re: virus
Jun 14, 2002, 10:40
anon@216.173
11.
Re: virus Jun 14, 2002, 10:40
Jun 14, 2002, 10:40
anon@216.173
 
Actually I had a discussion with someone years ago who knew a bit about the jpeg, while they wern't able to impliment the virus properly they believed it was possible. As jpgs contain instructions for the decompression algorithm, its possible to find a buffer overflow in the program viewing the jpgs and use that to execute arbituary code. Obviously it would have to be coded to only a specific jpg viewer (most likly whatever is used to view JPGs in IE) though it could potentially have seperate peices of code for each, but this would make the virus quite large.
10.
 
Re: Not likely
Jun 14, 2002, 10:37
anon@62.254
10.
Re: Not likely Jun 14, 2002, 10:37
Jun 14, 2002, 10:37
anon@62.254
 
Agreed, either the article was written badly or he's bullshitting.

It would only work if the exe had been run but this would leave the question of what happens if you have a lot of normal-looking dormant infected jpegs, I assume virus scanners will detect them but it will be interesting to see what happens to the people without scanners who have a ton of innocent looking files that suddenly become active when they recieve the exe part of the virus.
9.
 
Re: virus
Jun 14, 2002, 10:36
9.
Re: virus Jun 14, 2002, 10:36
Jun 14, 2002, 10:36
 
http://features.slashdot.org/article.pl?sid=02/06/14/1343223&mode=thread&tid=166

<edit> oops Schnapple beat me to it </edit>

This comment was edited on Jun 14, 10:39.
8.
 
Re: virus
Jun 14, 2002, 10:35
8.
Re: virus Jun 14, 2002, 10:35
Jun 14, 2002, 10:35
 
Slashdot says it's fake and something McAfee (who is #2/#3 behind Norton for eternity) made up.

http://slashdot.org/article.pl?sid=02/06/14/1343223&mode=flat&tid=166

(I'm just the messenger)

Schnapple

http://members.tripod.com/schnapple99/
7.
 
virus
Jun 14, 2002, 10:23
7.
virus Jun 14, 2002, 10:23
Jun 14, 2002, 10:23
 
The virus needs a program to be active on the computer first. So its not really a true virus.

Never argue with an idiot. They will drag you down to their level and beat you with experience.
6.
 
Re: Not likely
Jun 14, 2002, 10:16
6.
Re: Not likely Jun 14, 2002, 10:16
Jun 14, 2002, 10:16
 
This virus thing is complete nonsense. Obviously, the person who wrote the article has misunderstood the information he/she was given. JPEG files do not include any kind of active components, no scripts, no executables.

The article is contradicting itself by stating:
In its current form, an infected JPG file cannot infect another computer on its own.

What kind of virus is that if it requires itself to be already installed on a computer in order to infect it? D'Oh?

But Gullotto said there's no reason a virus writer couldn't make the picture itself able to infect other computers.

Apart from the picture being completely passive piece of data, that is...

Fully automatic backups with Ocster Backup Pro 3
http://www.ocster.com
5.
 
Re: Virus..
Jun 14, 2002, 10:03
5.
Re: Virus.. Jun 14, 2002, 10:03
Jun 14, 2002, 10:03
 
I don't think it's pretty much spreading out like you seem to say in your post blue ;o).

Actually, I don't think my post says it's spreading like you seem to say in your post, Gandalf.

I suppose repeating it won't help if you misinterpreted it the first time, but here again is all I said:

I just can't imagine what will happen if the virus mentioned in a Wired article called New Virus Infects Picture Files (thanks [MP] Wolverine [MP]) proliferates.
Stephen "Blue" Heaslip
Blue's News Publisher, Editor-in-Chief, El Presidente for Life
Avatar 2
4.
 
Not likely
Jun 14, 2002, 10:00
anon@208.3
4.
Not likely Jun 14, 2002, 10:00
Jun 14, 2002, 10:00
anon@208.3
 
Unless Microsoft (or someone else) has added some type of macro language as an extension to what 'is' a jpg, I don't see how any of this can be true.

As it is, this is a standard virus that has to be installed by someone running an executable and then it starts mucking with JPG files. This to me is a standard malicous virus.

How is it possible that the JPG passive data could do harm? The only way that I can this is if the JPG spec has some form of 'language set' that ALL or perhaps a specific viewer program will execute. I have never heard of this.

I think this is a play on words to get attention when in fact it is a virus that screws with JPG files.

Can someone shed some hard facts and details here.

dk
Manchester, NH
3.
 
Listen to the Bloop
Jun 14, 2002, 09:55
anon@204.164
3.
Listen to the Bloop Jun 14, 2002, 09:55
Jun 14, 2002, 09:55
anon@204.164
 
You can hear a sped up version of the Bloop sound here:

http://www.pmel.noaa.gov/vents/acoustics/sounds/bloop.html

To me it sounds like something huge plopped into the water, like a piece of meteor or something. Either that or someone farted.
22 Replies. 2 pages. Viewing page 1.
Newer [  1  2  ] Older