There was nothing to say that a "virus" was embedded in a JPEG.  It discussed virus writers and anti virus software and scanners.

 

The article was "Attackers Get Sneakier With Encrypted Malware".

All viruses are malware but not all malware are viruses.

 

The fact is this is nothing new and goes back further than the article's November 2011 date.  McAfee demonstrated this around 2006.

 

It has been shown that malware can indeed be embedded in a graphic file and not just by steganography.  However, one needs to have an external program to extract and convert the embedded malware into an executable.  That's the problem.  It needs to be extracted and converted.  The reality is the program or utility that is used to extract and convert the binary is detected and, if you think about it, why have the extraction utility go through all that work when the extraction utility could have the payload and not the malware embedded in a graphic?

 

Thus, while it may be a way to communicate malware without detection, as an infection vector it is a bad idea and never caught on, and from the POV of the logistics, it won't.  Therefore it is nothing to worry about from a computer user's perspective.

 

In short IFF this was a viable methodology, Malwarebytes' Anti-Malware (MBAM) would detect the extraction utility.  The fact is, it is not seen "in-the-wild" because it is not a viable attack vector.
