JPG (JPEG) Viruses
JPG (JPEG) — a "Proof of Concept" Virus
What is a "Proof of Concept" virus, and should you be worried about this one?
A "Proof of Concept" virus is one written by a person with advanced programming skills to demonstrate that something new can be accomplished. Most often, such viruses are sent to an anti-virus vendor, as if to say, "So there!", and no others are created, except by amateur vandals who produce and circulate hacked copies.
Going from a proof of concept to an everyday concern takes time, and does not always work. Concept (the first Macro virus) was gleefully presented to the AV companies in 1995, and until Microsoft strengthened MS-Word, macro viruses were the "in" thing with virus writers (and vendors' sales/advertising teams). In the two years that Microsoft ignored the real problem (even calling Macro viruses a prank), thousands of Word macro viruses were created.
Another success story for virus writers was Bubbleboy, a script worm distributable by e-mail. Thanks to the strength of Visual Basic, the simplicity of using it to create worm programs, and the lack of defenses built into Outlook Express, its descendants made reading e-mail a risky proposition for some time.
But the failures among proof of concept viruses constitute a much longer list. There was LaRoux, again spoon-fed to the AV people in 1995, for Excel, but Excel viruses require sharing of spreadsheets, so those did not get far. A few hacked variants were made from it, but no virus writer would waste his time creating one today.
Other proofs of concept are mere curiosities today, like a macro virus written for WordPerfect. That one failed because, unlike MS-Word, WordPerfect's macros were not embedded in the document, obliging one to share and open two separate files. Proof of concept viruses were written for Ami Pro and PowerPoint, even Java, but those failed, too.
The JPG virus has the same flaw. One must first run an infected EXE, which alters the system's registry so that the EXE runs whenever one clicks on a JPG. That is NOT a real problem. As careful people have been doing, do NOT run any "donated" EXEs, and you will be 100% safe. Clicking on a JPG will not matter.
When the day comes (if it ever does) that the entire virus is made part of (or, more likely, appended to) a JPG, clicking on a JPG will involve some risk. But we are not there yet, and not many virus writers have the skill level to accomplish that, anyway, IMHO.
Even if things get that far, one should not click on a JPG like a robot now, anyway (in case of a fake double extension, like .JPG.EXE). Using a program (like a Web browser) to open it should defeat any such virus, because (as far as I know) all such programs read only the JPG's code, not executable code, and software producers are not going to re-write their programs to accommodate the virus code.
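The two warning signs named above, a fake double extension and data appended to a JPG, can both be checked mechanically. The following Python sketch is an added example, not code from the original article; the extension list, the function names and the sample bytes are assumptions constructed for illustration.

```python
import os

# Assumed list of executable extensions; extend it to match local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs"}
IMAGE_EXTS = {".jpg", ".jpeg"}

def has_deceptive_double_extension(filename):
    """True for names like 'photo.JPG.EXE' (image extension, then executable)."""
    stem, last = os.path.splitext(filename.lower())
    inner = os.path.splitext(stem)[1]
    return last in EXECUTABLE_EXTS and inner in IMAGE_EXTS

def jpeg_trailing_bytes(data):
    """Walk the JPEG marker structure; return the byte count after the
    end-of-image (EOI) marker, or None if this is not a well-formed JPEG."""
    if data[:2] != b"\xff\xd8":                  # must start with SOI
        return None
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            return None
        marker = data[pos + 1]
        if marker == 0xFF:                       # fill byte before a marker
            pos += 1
        elif marker == 0xD9:                     # EOI: the image ends here
            return len(data) - (pos + 2)
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 2                             # markers with no length field
        else:
            if pos + 4 > len(data):
                return None
            seg_len = int.from_bytes(data[pos + 2:pos + 4], "big")
            if seg_len < 2:
                return None
            pos += 2 + seg_len
            if marker == 0xDA:                   # SOS: skip entropy-coded data
                while pos + 1 < len(data):
                    nxt = data[pos + 1]
                    if data[pos] == 0xFF and nxt != 0 and not 0xD0 <= nxt <= 0xD7:
                        break                    # a real marker follows
                    pos += 1
    return None                                  # ran out of data before EOI

# Constructed sample: structurally valid marker stream, not a viewable picture.
SAMPLE_JPEG = (b"\xff\xd8" + b"\xff\xe0\x00\x10JFIF\x00" + bytes(9)
               + b"\xff\xda\x00\x08" + bytes(6)
               + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9")
# Constructed stand-in for appended data; it contains FF D9 to show that
# searching for the last FF D9 would undercount the appended bytes.
APPENDED = b"MZ\x90\x00\xff\xd9" + bytes(10)
```

A nonzero result from `jpeg_trailing_bytes` does not prove a file is malicious, since some cameras and editors also write data after the EOI marker; it marks the file for a closer look.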
The bottom line: do not worry about JPG viruses, until there is something to be worried about.