3

Just out of curiosity, is it possible to have a virus or any malware in images with a normal extension?

Thanks

Justine
  • 41

4 Answers

4

Is it possible to have virus or any malware in images with normal extension?

Yes, but that's just since a file is a file, and the extension is just part of the file name. By itself, a file extension has no relationship to the contents. The extension just denotes what the file should contain.

If the file is not executable, the virus payload must be added in such a way to exploit a particular program that opens and parses the file. Commonly, this is done by manipulating the file's structure (at the byte-level) in order to cause a buffer/stack overflow in the program parsing the file.

Breakthrough
  • 34,847
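An added example, not part of the answer above: a defender-side check in Python for the two points it makes, that an extension says nothing about the content and that a parser must not trust the length fields a file declares about itself. The function names and the sample bytes are constructed for illustration.

```python
import os
import struct
import zlib

# Leading "magic" bytes of a few image formats (content, not file name).
MAGIC = {"png": b"\x89PNG\r\n\x1a\n", "jpg": b"\xff\xd8\xff", "gif": b"GIF8"}

def sniff(data):
    """Return the image format the bytes start with, or None."""
    return next((fmt for fmt, sig in MAGIC.items() if data.startswith(sig)), None)

def extension_matches(filename, data):
    """True only when the extension agrees with what the content really is."""
    ext = os.path.splitext(filename)[1].lower().lstrip(".").replace("jpeg", "jpg")
    return sniff(data) is not None and sniff(data) == ext

def png_structure_errors(data):
    """Walk the PNG chunk list and report fields a parser must not trust."""
    if sniff(data) != "png":
        return ["no PNG signature"]
    errors, pos = [], 8
    while pos < len(data):
        if len(data) - pos < 12:  # length(4) + type(4) + CRC(4)
            return errors + [f"truncated chunk at offset {pos}"]
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if length > len(data) - pos - 12:  # declared size runs past the file
            return errors + [f"{ctype!r} declares {length} bytes past end of file"]
        end = pos + 8 + length
        # The CRC covers the chunk type and body, not the length field.
        if zlib.crc32(data[pos + 4:end]) != struct.unpack(">I", data[end:end + 4])[0]:
            errors.append(f"{ctype!r} CRC mismatch")
        pos = end + 4
        if ctype == b"IEND":
            if pos < len(data):
                errors.append(f"{len(data) - pos} bytes after IEND")
            return errors
    return errors + ["missing IEND chunk"]

def make_chunk(ctype, body, declared=None):
    """Build one chunk for the constructed samples; `declared` can lie about length."""
    length = len(body) if declared is None else declared
    return struct.pack(">I", length) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed samples: a well-formed chunk list (no pixel data), and one whose
# IHDR length field claims far more data than the file holds.
IHDR = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
GOOD_PNG = MAGIC["png"] + make_chunk(b"IHDR", IHDR) + make_chunk(b"IEND", b"")
BAD_PNG = MAGIC["png"] + make_chunk(b"IHDR", IHDR, declared=0x7FFFFFFF) + make_chunk(b"IEND", b"")
```

Passing these checks only shows the container is structurally sane; it does not prove the decoder that later opens the file is free of bugs.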
0

The virus is the program. And programs are stored in binary files. Images are also stored in files. Thus, viruses can be stored in image files. But there's a problem with running the code of a virus stored in a non-executable file type.

0

As Ramhound said, it's theoretically possible. Images are files that some executable like Microsoft Photo Viewer will parse and render on the screen. If the executable has a vulnerability, then a malicious person can create a special payload (image) that will exploit the vulnerability and then execute the malicious payload in the context of the application.

This was exactly what Stuxnet did with shortcuts (*.lnk). Stuxnet takes advantage of a vulnerability in parsing shortcut (.LNK) files in order to execute a malicious Control Panel module.

Ganesh R.
  • 5,259
0

Malware probably won't distribute itself via image files, but historically there are exploits that use a malformed image file to cause the loading application to perform bad actions. Check out these vulnerabilities:

http://technet.microsoft.com/en-us/security/bulletin/ms11-029

http://technet.microsoft.com/en-us/security/bulletin/MS09-062

http://technet.microsoft.com/en-us/security/bulletin/ms04-028

This is not technically malware, but it is a means to run malcode on a target system. It's not unlike a website that leverages a Flash/Acrobat exploit to run code within the plugin to download and execute a trojan on the localhost.

Frank Thomas
  • 37,476