There's was an interesting debate today in class regarding the possibility of Trojan Horses being embedded within .jpg and .gif files (animated gifs too). Can this really be done?

In a word..yes..scripts can be written to do this. It would involve basic programming knowledge...

I thought so...I've been hearing about it quite a bit around school. There was this dude in class that was convinced that they cannot reside in graphics file types or even scipts at all...he thinks trojans originate from MS products.

LOL...yeah, and I suppose the Cult of the Dead Cow is just a subsidiary of MS for QA purposes.

...he thinks trojans originate from MS products

LOL hardly trojans were way out there before ms prouducts

Jason

Yep, that's how I got my recent trojan :/ Friend sent me a .jpg like he always does, tried to open it...got an error. Next time I scan my system, I find a subseven, check firewall and someone from a .edu domain port scanned me 18,000 times! So I know you can http://sysopt.earthweb.com/forum/smile.gif

I'm a little (okay fully) unconvinced that a trojan can reside in a jpg, which is a DATA file. Was the file really named "picture.jpg.vbs" and you didn't look at the file type? Unless a corrupted jpeg can cause a very precise stack overflow, I think this is a really good wives' tale. Otherwise, PLEASE ENLIGHTEN ME with some real evidence.

I agree.. i mean even if there was something embedded in the jpg (if it wasn't a jpg.vbs) the image viewer you were using would have to know what to do with it..

I do not think they put any type of script support into an image viewer..

Yeah, that was my first impression, too.... same with .gifs, I thought...... Just data files...

Anybody know better?

Bryan

Well, don't have any real evidence(I don't have the "picture" anymore and I'm sure I didn't see .jpg.anything after it). But by deductive reasoning, that picture file was the only thing I downloaded between my weekly virus scans. Maybe if I get it again I'll send it to you. http://sysopt.earthweb.com/forum/smile.gif Until then, I'll keep believing you can get them in picture files.

smokin1, can you add to this?

Yes you can but viruses into a .jpeg. this was a long time ago when i younger i was trading pics on aol i opened up on and it erased everything i had. it was funny now that i look back. i remeber a window popping up and seeing everything being deleted right in front of me. i freaked out and turn off the computer. re booted and got the message operating system not found
http://sysopt.earthweb.com/forum/frown.gif mom wasn't too pleased

Jason

You cannot get virus or Trojans from Pictures unless those pictures have executable code AND you run them as a script or program. (Under normal circumstances)

You can hide a virus or a trojan inside a picture, but the picture itself cannot infect you. The virus or Trojan must be called from the picture by another program. (In other words, for a picure to infect you, you must have a malicious program that
1. Opens the picture
2. Expects code in a picture
3. Runs the code

This is the same as a .txt file. The txt file cannot infect you, as it is just data and nothing more. Your computer does not know how to execute it. Now, write a malicious perl script that formats your harddrive and save it in the text file . Now open the perl script in notepad. Nothing happens execpt that you can read the script (Your hard drive still has its data.) Now open the perl script file with perl . You now have a freshly formatted hard drive.

This is the exact same thing with pictures.

The reason that people believe that a picture can infect you is because by default windows does not show the file extension for known file types. So if I name my virus picture.jpg.vbs the virus by default is shown as picture.jpg



[This message has been edited by skippy (edited 02-27-2001).]

I agree skippy, I was merely answering the question as to whether a trojan could be embedded..to me that meant the trojan arriving with the jpeg..a search on AIM exploits and vbs scripts will provide more info.