Images containing hidden virusses

Hi everyone,

I kinda managed to get myself paranoid over images i’ve looked at having potential virusses in it.

so i’m making this topic to see if anyone has any advice to know more about figuring out how to see if the pics that I saw contained any weird files etc.

is it even possible for Facebook profile pictures to contain a virus at all?

All help is appreciated =] Just trying to get some more knowledge about Stereography and such.

I think you mean “Steganography”, where a file is imbedded in a graphic file without it overtly affecting the appearance of the graphic.

The file that is steganographically embedded in a graphic file could be text, a spreadsheet, an audio recording, a video - literally anything. But the bigger the embedded file, the greater the chance of the graphic file containing it becoming distorted or visually affected.

To view or extract the embedded file, you need to

[ol]- open it in a steganographic application (usually it has to be the app that was used to create the steganographic image)

  • know the decryption/extraction method (generally a keyphrase known to both the sender and the recipient)[/ol]

It is highly unlikely that anyone would use stegonagraphy to embed a virus in an image. One of the primary aims of malware authors is to ensure that their malware can infiltrate a system with the absolute minimum of user intervention (none if at all possible). Steganography is most commonly used to discretely pass information between two parties known to each other for a common purpose. I’ve never heard of steganography being used as a malware infection vector.

Until you have done both steps 1 and 2, it’s just a file, albeit one with an extra file stuffed inside it which you would never know about until you do steps 1 and 2. You’d only do steps 1 and 2 if you knew about the embedded file in the first place.

Hope this helps,
Ewen :slight_smile:

Thanks for responding. I’ve read too many ‘‘topics’’ regarding people trying to hack others using that sort of stuff, that is kinda messed up my mind.

Is it possible to send the images i have, that could be potentially infected, to someone from comodo to inspect it?

Unless someone at Comodo can

[ol]- guess which stegonagraphic app was used to create the file

  • guess the decryption string[/ol]

then they’re going to have as much luck figuring it out as you or I would.

If you don’t need these images, just delete them.

If you do want to keep a copy of these images, open them in a graphic editor and then resave them in a different format to the original - i.e. if your image is a .JPG, resave it as a .PNG.

It is possible to overthink things a bit. :wink:

Ewen :slight_smile:

This is most def. a vector. It all depends on what program you use to view those images/pics… and who the the perps are trying to target…

How is this “most def. a vector”?

The data segment embedded steganographically in an image is inert (i.e. non-executable) until, and ONLY until, it is manually extracted by 1) opening the image in the steganographic application that created it and then 2) applying the encryption key or passphrase that was used to embed it.

Once steps 1 and 2 have successfully completed, the embedded data segment can be extracted and saved as a discrete file of some sort, totally separate from the container file it was originally embedded in.

Data that has been steganographically embedded is intended for a specific recipient - it is only useful to the person that knows the stego app and the passphrase for that particular stego enhanced file.

It is simply impossible for a steganographically embedded data segment to automatically unpack itself and perform voodoo on a random persons system.

Most def. impossible.

Ewen :slight_smile:

I mean if it was me, Id probably target VLC and then upload tons & tons of content to different torrent sites. Just thinking out loud here ;).