^�^�^�^�^�^�^�^�^�^�^�^�^�^�^�^�^�^�^�WARNING^�^�^�^�^�^�^�^�^�^�^�^�^�^�^�^�^�^� vIRuS!

Mike Duvos mpd at netcom.com
Sun Sep 1 02:29:10 PDT 1996


Alan Olsen writes:

> This is the clueless kind of crap I expect pitched to AOL users and
> upperlevel management.

> GIF and JPEGs contain *NO* executable code.  You cannot get viruses
> from them.  You obviously have no clue as to what the hell you are 
> talking about. 

> The only way that you could obtain the effects described above is 
> with Black Magic and/or Voodoo.  (And not even then.)

I don't want to restart the jpg-virus flame war again, and this 
particular story is likely completely bogus, but I should point out 
that most complicated software, including jpeg viewers, has
undiscovered bugs lurking about.  It is also not particularly
difficult to find a garbage input file for most sloppily written
programs which bombs the program into branching into one of its
data buffers.  Indeed, it wasn't so long ago that you could get
httpd to put crap on its own stack by feeding it an excessively
long URL. 

So I would certainly not be surprised if someone managed to 
construct a .jpg file which would do nasty things to ones machine
if loaded with a specific viewer, and give an error message when 
loaded by other software.  

If the viewer was a widely used one, and the .jpg was posted on 
Usenet with an alluring title, one could probably do quite a bit
of damage before people got wise.  

Not a virus in the traditional sense, but a fairly common way
to attack complicated operating systems and applications. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     mpd at netcom.com     $    via Finger.                      $







More information about the cypherpunks-legacy mailing list