Author Topic: Can a virus infect an image file format?  (Read 8153 times)

0 Members and 1 Guest are viewing this topic.

Offline djcross

  • Newbie
  • *
  • Posts: 2
  • Who says I'm a llama?
Can a virus infect an image file format?
« on: January 29, 2004, 02:06:12 AM »
Okay, maybe this is a stupid question, but I have to ask.
Avast has detected the Win32:Aris virus in 3 of my files.  all of them are TIFF (.tif extension)images that I created with photoshop.  The files can be opened with PS no problem.

Is it safe to assume that Avast reporting a false positive here?

Offline Culpeper

  • Avast Evangelist
  • Advanced Poster
  • ***
  • Posts: 1187
Re:Can a virus infect an image file format?
« Reply #1 on: January 29, 2004, 02:58:26 AM »
Wait for user Vlk to answer this.  He may want a copy of your files to double check.  He's on the Avast Staff and a moderator on this board.
The wind in the wires made a tattletale sound
And a wave broke over the railing
And every man knew, as the Captain did, too,
T'was the witch of November come stealing.

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Can a virus infect an image file format?
« Reply #2 on: January 29, 2004, 07:10:40 AM »
Interesting question, really.

Some more Q's:
1. What are the names of the viruses?
2. What sensitivity did you use for the scan? Thorough?
3. Are the files huge? Could you send them for analysis? virus@avast.com

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

Offline EverlastingGaze

  • Full Member
  • ***
  • Posts: 161
Re:Can a virus infect an image file format?
« Reply #3 on: January 29, 2004, 10:02:35 AM »
I have mailed avast with this question before,...they said a jpg itself cannot be infected,..but a script and/or trojan horse/worm virus can be attached to it,...so it seems harmless at first,...

The link i sended: http://www.museen.org/janina.jpg

DO NOT CLICK THE LINK   :D - if you open this with IE it does something to your Windows Media Player,....opening this with mozilla firebird gives you the pop up that the file is corrupted,....



Offline MikeBCda

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2251
Re:Can a virus infect an image file format?
« Reply #4 on: January 29, 2004, 02:11:35 PM »
I have mailed avast with this question before,...they said a jpg itself cannot be infected,..but a script and/or trojan horse/worm virus can be attached to it,...so it seems harmless at first,...

Slightly O/T, since djcross originally posted about TIFF's, but ...

Interesting, John.  I was certain I'd seen, maybe a couple of years ago in some computer magazine or another, similar news out of CERT (I think that's the right org. - "official" computer security?) that they'd made an interesting and potentially serious discovery in their labs.

They'd found that viruses and/or worms could be "piggybacked" onto JPG's, which of course most a-v scanners will just ignore.  My son told me I was crazy, since JPG's essentially just a compression format, but I'm inclined to think the guys at CERT know a little more about such things than he does.  ;)

They did say, though, that they had no reason to believe it had ever been done except in their own labs.

Best,
Mike
Intel Atom D2700, 2 gig RAM, Win 7 x64 SP1 & IE-11, Firefox 51.0
(default). 320 gig HD, 15Mb DSL, Win firewall, Avast 12.3.2280 free, SpywareBlaster, MBAM Prem., Crypto-Prevent

Offline djcross

  • Newbie
  • *
  • Posts: 2
  • Who says I'm a llama?
Re:Can a virus infect an image file format?
« Reply #5 on: January 30, 2004, 01:53:43 AM »
1. What are the names of the viruses?
In all three files it's the same virus: Win32:Aris

Quote
2. What sensitivity did you use for the scan? Thorough?
Yes - Thorough

Quote
3. Are the files huge? Could you send them for analysis? virus@avast.com
The files are fairly large, between 30 and 60 MB each.
I can send you the smallest one, as long as you don't mind such a large email attachment.  I could also make it available via FTP.  I could probably reduce the file size significantly if I compress it,  but I don't know if that might potentially be a problem (given that they are reportedly 'infected').  Please advise.

I'm interested to know that it might actually be possible for a virus to exist within an image format.  However - if this is the case I wonder where the virus might have originated.  I created these files based on source files from a client, but a thorough scan of my system didn't identify any other infected files (including the source of these images).

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Can a virus infect an image file format?
« Reply #6 on: January 30, 2004, 08:45:15 AM »
Quote
The files are fairly large, between 30 and 60 MB each.
I can send you the smallest one, as long as you don't mind such a large email attachment.  I could also make it available via FTP.  I could probably reduce the file size significantly if I compress it,  but I don't know if that might potentially be a problem (given that they are reportedly 'infected').


OK, TIFFs are known to compress very well. Please ZIP one of the files and put it on your FTP server. Then send its URL to the virus labs - virus@avast.com, putting a link to this thread in the message body.

Quote
I'm interested to know that it might actually be possible for a virus to exist within an image format.  However - if this is the case I wonder where the virus might have originated.  I created these files based on source files from a client, but a thorough scan of my system didn't identify any other infected files (including the source of these images).

By definition, a virus is a piece of code (either directly machine code or some kind of pseudocode). Therefore it cannot be contained in files such as plain text, plain graphics bit etc., provided these are not further interpreted as code by some application (e.g. batch files or vbs scripts in case of plain text).

It's generally impossible for the AV to a priori know if a given file is going to be interpreted as code or not. Therefore, the only thing that remains is to treat all files (especially when scanning with the highest sensitivity) as possibly code-containing.

Many today's formats (e.g. Office files [Word Excel etc], mail files, etc.) are also able to contain embedded objects - files of other types than themselves. It is a virtue of any AV to be able to detect those.

Specifically, I'm not sure about TIFFs. I've the impression that these files are really plain image-bits only, but let's wait for the virus guys to find out more.

Vlk
If at first you don't succeed, then skydiving's not for you.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11747
    • AVAST Software
Re:Can a virus infect an image file format?
« Reply #7 on: January 30, 2004, 09:31:03 AM »
TIFFs are known to compress well?
Well, TIFF is a kind of format similar to AVI, or even worse - in the sense that it can contain almost anything - compressed data (lossy/lossless), uncompressed data, many possible formats... I'm not sure if any software supports all the extensions that a TIFF may have (In fact, GIF is another one of these).

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11665
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Can a virus infect an image file format?
« Reply #8 on: January 30, 2004, 09:37:06 AM »
OK, I was refering to the 'classic' 30+ MB TIFFs...
If at first you don't succeed, then skydiving's not for you.

Offline EverlastingGaze

  • Full Member
  • ***
  • Posts: 161
Re:Can a virus infect an image file format?
« Reply #9 on: January 30, 2004, 03:31:39 PM »
TIFF's (Tagged Image File Format) are mainly used in the printing industry (CMYK, pantone,Truematch,...)because it has no dataloss if you save it,...even if you use the LZW compression. TIFF also has the ability of saving layers (when working with Photoshop).

This format is not build for internet purpose,...
GIF, JPEG, PNG are the most advisable extentions concerning images.

GIF => color table of 256 (0-255) colors + able to add animation, transparency,...
JPEG => save with a compression level: miljons off  colors are embedded even if the image only contains 3 colors,...
PNG => combination off GIF and JPG,...but not really popular,..cause older browsers do not really support this format. (IE4)

maybe a bit off topic,... :) but maybe some of you appreciate it  :D
« Last Edit: January 30, 2004, 03:31:51 PM by John- »