Spreading of .jpg virus

My neighbor just bought a new PC and I set it up for him and installed avast. Next day his daughter sent him a URL to a retirement community in Texas.
http://www.evergreenlewisville.com/res.asp

As he checked the links avast popped up a warning of a virus on the "Corporate page http://www.churchillresidential.com/family/

I took a screen shot of this and it shows 2 images have the "Trident TPE ver 1.4 virus on this page.

I doubt the people who made this web site would deliberately put a virus in it. So now I have some questions.

1. Can a .jpg virus spread to other .jpg’s because 2 of these a infected?
2. Is this a “False Positive”?

maybe this page is redirected hiddenly: please, see the source code.

I think it’s a false alarm.

i have tried: yes, avast! say the same alarm.

igor is right. surely a false alarm. :slight_smile:

Ok on the False Alarm. So now what about the first question.

[b]1. Can a .jpg virus spread to other .jpg's?[/b]

Its a false positive, see screenshot. If you can, download the jpg’s and send them to virus [at] avast [dot] com, stating that they are false positives.

I saved the file and scanned them with avast…the Nav_6-over.jpg comes up as a virus. So what gives with this file?

PS:
The virus writer
Trident TPE ver 1.4 virus

Interview with John Tardy
http://www.madchat.org/vxdevl/vdat/ivjohnta.htm

The picture triggers an alarm in this forum, please remove it before some forum member has a heart-attack! :wink:

I don’t get any alarms.

Well, I do. see screenshot.

Do others get an alarm? I don’t…maybe different avast versions?

Same here. I get the warning.

I can go to the page where this file came from and get a warning, but not in this forum. I also saved the “Nav_6-over.jpg” on my desktop and scan with avast and get a warning.

I want to ask for the third time.
Can a .jpg virus spread to other .jpg’s?

Well, there are not many “jpeg viruses” known. There are some jpeg explots (the well known MS04-028 problem)… if such a code gets activated, it can do mostly anything (just as any other virus). So, theoretically, it could infect other jpeg files on disk - or any other files, actually. Right now, however, I don’t think such a virus exists; the existing MS04-028 exploits are mostly trojans (or rather downloaders).

Thanks Igor!

Now I have to find out where “xistenz” got the screen shot he posted of the scan results.

The screenshot was from http://virusscan.jotti.org.

@ a61, make sure you are using the latest version of avast! (4.6.652). If you are using 98/ME, then set your connection settings to “localhost” on port 12080 to allow the webshield to scan webpages. Search the forum for more details on how to do this.

@ Spyros,

Perhaps avast! should come with a health warning: WARNING! AVAST! ANTIVIRUS MAY BE HAZARDOUS TO YOUR HEALTH. PLEASE CONSULT A PHYSICIAN BEFORE USING THIS PROGRAM

;D ;D ;D ;D ;D

make sure you are using the latest version of avast! (4.6.652). If you are using 98/ME, then set your connection settings to "localhost" on port 12080 to allow the webshield to scan webpages. Search the forum for more details on how to do this.

I did a manual update and got a message that Avast isn’t compatible with Zone Alarm. So I just restored the PC with Tuesday’s image…no time to fool with it now. Maybe I’ll wait untill it’s compatible with ZA, then install it. Right now everything works perfect.

PS: Using XP Pro SP2

[b]Kaspersky: JPEG-Schädling womöglich im Anmarsch[/b] Ausnutzung alter Windows-Sicherheitslücke befürchtet Ein Mitarbeiter des Antiviren-Hersteller Kaspersky Labs berichtet, dass neue Varianten eines Trojanischen Pferdes gesichtet wurden, das sich über ein längst geschlossenes JPEG-Sicherheitsloch in Windows verbreitet. In Kürze könnte daher die Gefahr bestehen, dass sich entsprechende JPEG-Schädlinge im Internet verbreiten.

source: http://www.golem.de/0508/39680.html

I try to translate it in english :wink:

[b]Kaspersky: JPEG-varmint probably coming[/b] Worry about utilize an old Windows-bug. A assistent of Kaspersky Labs report that new variants of a JPEG trojan has been sighted using a fixed bug in Windows to spread around. Within a short time it is a possible risc that JPEG-varmints will spread around the internet.

What do you say about this message?
When the bug is already fixed and there is a risc that means (I think) that not really much poeple has fixed this bug or on the other hand that this bug is not really fixed (or the fix is bad).

I think I have installed all fixes and I have avast :wink: and a firewall … I think that´s enough.

But the most poeple don´t have anything like that.
There are firewalls fore free, you can get virus programs for free and there is also the windows xp sp2 firewall.

Some poeple, I think, have no interest in security.