"SherLok Merfy" <brewhaha@freenet.edmonton.ab.ca> wrote:
> On Sat, 28 Feb 2004, Hiram Berry wrote: (...)
>> in spite of my fairly high level of vigilance a malicious spammer had gotten 2 copies of the mydoom.f worm onto my computer disguised as, of all things, a .png file!
>
> I don't see a likely problem, there. Of all the places where a virus scanner is likely to make a false hit, it's a compressed graphics file or an encrypted file.

I think you're probably right in this case; as time goes on the viruses get more complex, the search strings and algorithms for the scanners escalate in response, and eventually the "million monkeys on a million typewriters" effect must intersect in a lot of false positives.

> You don't execute .png files, so it can't spread from there.

Yes, that's reassuring, it may also be an artifact of the "infection" process, i.e. not intentional-- perhaps at some other stage the worm copies itself into random files, some of which are distributed unknowingly-- most would be nonvirulent in that form.

> Now, you might say that it isn't required to execute OPCODES, but portable network graphics are not a programming language of any kind. To state a limit on Java that didn't turn out to be so fundamental, it certainly doesn't have access to the filesystem.

PNG isn't, but some of the information encoded in an image could be a program, i.e. I think they call it steganography. Like you I don't _think_ that poses any kind of real threat, since the malicious program would have to be reconstituted by some other process to be dangerous, but it is interesting from the standpoint of overall information transfer dynamics. You might also say that a file enumerating the base pair sequence of say, the SARS virus, which I believe you can download from a publicly accessible database, is just the textual result of experimental observation and therefore not a program either, but I would disagree with such a statement.

Hiram Berry
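
One way to triage the situation discussed in this thread, as an added example that is not part of the original messages: check whether a file named .png is structurally a PNG (signature, per-chunk CRC, IEND at end of file) or carries a Windows executable header instead. The function names and the sample bytes are constructed for illustration; a structurally valid PNG says nothing about what its pixel data might encode.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"  # fixed 8-byte PNG signature


def triage_png(data: bytes) -> str:
    """Classify bytes that arrived under a .png name."""
    if data[:2] == b"MZ":
        return "executable-header"  # DOS/PE magic: renamed program, not an image
    if not data.startswith(PNG_SIG):
        return "not-png"
    pos = len(PNG_SIG)
    # Each chunk is: 4-byte length, 4-byte type, body, 4-byte CRC(type + body).
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            return "truncated"
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            return "bad-crc"
        pos = end
        if ctype == b"IEND":
            # Bytes after IEND are ignored by image viewers but not by scanners.
            return "valid-png" if pos == len(data) else "trailing-data"
    return "truncated"


def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def sample_png() -> bytes:
    """Constructed 1x1 8-bit grayscale PNG used as test input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


if __name__ == "__main__":
    good = sample_png()
    for label, blob in [("real image", good),
                        ("appended bytes", good + b"constructed extra bytes"),
                        ("renamed program", b"MZ\x90\x00" + b"\x00" * 60)]:
        print(f"{label}: {triage_png(blob)}")
```
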