The bug, called W32/Perrun or the "JPEG infector," is claimed to be the first of its kind by security company Network Associates, who said the low-risk virus presented a "limited threat to consumers and corporations."
In describing the virus, Network Associates said Perrun had two parts: One part of the bug consists of infected JPEG images that contain the viruses' payload but do not corrupt the image itself. The second half of the bug is a viral program that extracts the code from the images and infects other JPEGs on the system as they are opened. This means that computers would need to be infected by the extractor virus first, before any dangerous code hidden in an image file can do any damage.
All of this means that users cannot be infected by just opening a JPEG image on the Web. Instead, a virus on an infected computer copies code into a digital image and waits for the JPEG to move to other infected systems. The virus on those systems will then read the code fragment in the JPEG image and follow the instructions.
What's more, it is reported that the virus has not been released on the Internet but has been sent only to major anti-virus companies by the creator of the code. The extractor file only infects computers running Windows.
"It seems to be more of a proof-of-concept than anything else," explained Dermot Williams, managing director of Systemhouse Technology Group in Dublin. "We have had definitions since yesterday, and by accounts it's a very low-risk virus."
Nevertheless, some anti-virus experts are saying that Perrun, though generally considered to be an almost non-existent threat by recent viral and worm standards, demonstrates the continually evolving threat viruses can pose as creators look for new ways to "slip something under the radar."
|