Users question JPEG virus, McAfee stands firm

Users and antivirus vendors are questioning the seriousness of a virus announced recently by McAfee Security, a division of Network Associates Inc., as well as the manner in which McAfee doled out details about the virus.

On June 13, McAfee issued a press release about the W32/Perrun virus which is the first virus to infect JPEGs, a type of image file, McAfee said. Perrun, which McAfee received from its author, uses an executable file to infect image files and then tries to spread the infection to other image files in the same directory, according to McAfee. The virus requires the presence of the executable and cannot work without it, McAfee said.

The discovery of the virus could lead to the rearchitecting of antivirus programs, as well as possible mutations that could see the virus executable embedded in image files and on the Web, said Vincent Gullotto, senior director for McAfee AVERT (Anti-Virus Emergency Response Team), at the time.

Since McAfee's original announcement of the virus, users on Web pages and e-mail lists have disputed Gullotto's statement that executable files could be embedded in JPEGs.

"Viruses are more than just pieces of self-replicating code, they need to be delivered in such a way that causes them to be executed," wrote Kevin Austin, Assistant Professor of Computer Science at Fitchburg State University in Fitchburg, Massachusetts, in an e-mail to the IDG News Service. "JPEG files are never executed. They are instead opened as data files by application programs," he wrote. Applications do not look for executable code in data files and therefore would not run it, he said.

Images that contained executable code would either appear damaged or would not open at all when double-clicked, wrote David Stidolph, a programmer and consultant based in Austin, Texas, in another e-mail to the IDG News Service.

"Images may or may not appear 'damaged', but in no case will any of the picture code be executed, so you could never replicate a virus this way," he wrote.

Even some of Gullotto's colleague's in the antivirus field disagree. Sophos PLC, an antivirus firm that competes with McAfee, issued a press release at the time discounting the seriousness of the virus. Sophos had the virus in its labs two days before McAfee announced its existence, but chose not to say anything because the virus was "really just a proof-of-concept ... a real nonevent," said Chris Wraight, technology consultant at Sophos, in an interview Friday.

However, Gullotto isn't backing down from McAfee's original warning. McAfee "still (stands) behind what it was we said," he said in an interview Friday.

The original virus warning was not about the immediate threat posed by Perrun, which is tiny, but rather about the possibility that future changes in software and technology could cause greater problems, he said.

Gullotto allowed that embedding an executable file into a JPEG "probably wouldn't work today, as things are," but stressed that McAfee's "concerns are still more so for the future." Because of the changes made to software and file types, the ability could be added to image and other data files to run executables, which could make this virus a problem, he said.

"I'm only saying what possibly may exist if the technology moves in that direction," he said. McAfee has to keep an eye on possible developments in order to keep its customers apprised of potential vulnerabilities, he said.

The way McAfee went about warning users in this case -- saying that a large number of data types could eventually be unsafe -- was a problem, said Sophos' Wraight.

"The other companies have been more prone to hype viruses to get attention and sales (than Sophos). We just, as a company, don't act that way," he said. It is "an approach we don't subscribe to."

Gullotto reaffirmed his support for McAfee's handling of the matter, but said that "there are clearly some disagreements in the antivirus industry."

The disagreements can run deep and have serious consequences, Wraight said.

Hyping viruses unnecessarily "hurts the industry as a whole," he said. "(It) runs the risk of breeding complacency with users" and making them not pay attention during actual, serious outbreaks, he said.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Sam Costello

PC World
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Cate Bacon

Aruba Instant On AP11D

The strength of the Aruba Instant On AP11D is that the design and feature set support the modern, flexible, and mobile way of working.

Dr Prabigya Shiwakoti

Aruba Instant On AP11D

Aruba backs the AP11D up with a two-year warranty and 24/7 phone support.

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?