Slightly O/T, since djcross originally posted about TIFF’s, but …
Interesting, John. I was certain I’d seen, maybe a couple of years ago in some computer magazine or another, similar news out of CERT (I think that’s the right org. - “official” computer security?) that they’d made an interesting and potentially serious discovery in their labs.
They’d found that viruses and/or worms could be “piggybacked” onto JPG’s, which of course most a-v scanners will just ignore. My son told me I was crazy, since JPG’s essentially just a compression format, but I’m inclined to think the guys at CERT know a little more about such things than he does. 
They did say, though, that they had no reason to believe it had ever been done except in their own labs.
Best,
Mike