

==============================================
Infecting Picture Files : A Desperate Approach
==============================================
by alcopaul/brigada ocho
may 27, 2011 (First edition: 2002)


 Here's an outline of how to infect picture files...



           (A)                          (B)                               (C)                         (D)
 ========================       =====================            ========================     =====================
 |                      |       |                   |            |                      |     |                   |
 |                      |       |      Virus        |            |       Picture        |     |                   |
 |                      |       |                   |            |                      |     |                   |
 |       Picture        |   +   |===================|  ------->  |======================|  +  |    Extractor      |
 |                      |       |                   |            |                      |     |                   |
 |                      |       |     Extractor     |            |   Virus + Extractor  |     |                   |
 |                      |       |                   |            |                      |     |                   |
 ========================       =====================            ========================     =====================


 Steps)
 
  1.) (B) arrives on a system and infects a picture file (A). It checks whether the extractor (D) (the "Virtual Machine" our virus 
      operates in) is installed. If not, it installs the extractor (D) and modifies how the system opens a picture file (usually by 
      passing the picture as a parameter to the extractor).
  2.) Whenever an infected picture file (C) is viewed or opened, the extractor extracts the executable part from the picture and executes 
      it (B), infecting another picture file (A).
  3.) The extractor calls the appropriate viewer to display the infected picture file.
  4.) If a clean picture file is opened, the extractor just displays the picture.
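
 Layout (C) in the diagram places the executable part after the picture data, so a scanner can flag pictures that carry bytes past the
 format's end marker. The check below is an added example, not code from the original article; it assumes PNG as the picture format
 (the article names none) and an "MZ" header as the sign of an executable, and its sample files are constructed inline.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def _chunk(ctype, data=b""):
    """Build one PNG chunk (length, type, data, CRC) for the constructed samples."""
    return (struct.pack(">I", len(data)) + ctype + data
            + struct.pack(">I", zlib.crc32(ctype + data) & 0xFFFFFFFF))

def find_trailing_data(blob):
    """Return the bytes after the IEND chunk (b"" if none); ValueError if malformed."""
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(blob):          # 12 = length + type + CRC of an empty chunk
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        ctype = blob[pos + 4:pos + 8]
        end = pos + 12 + length
        if end > len(blob):
            raise ValueError("truncated chunk")
        (crc,) = struct.unpack(">I", blob[end - 4:end])
        if zlib.crc32(blob[pos + 4:end - 4]) & 0xFFFFFFFF != crc:
            raise ValueError("bad CRC in chunk %r" % ctype)
        if ctype == b"IEND":
            return blob[end:]             # anything here is not picture data
        pos = end
    raise ValueError("no IEND chunk found")

def classify(blob):
    """Label a file 'clean', 'appended-data' or 'appended-executable'."""
    tail = find_trailing_data(blob)
    if not tail:
        return "clean"
    # "MZ" is the DOS/PE header magic; assuming it here is this example's choice.
    return "appended-executable" if tail.startswith(b"MZ") else "appended-data"

# Constructed samples: a minimal 1x1 grayscale PNG, then the same file with bytes appended.
IHDR = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
CLEAN = (PNG_SIG + _chunk(b"IHDR", IHDR)
         + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND"))
SUSPECT = CLEAN + b"MZ" + b"\x00" * 62    # placeholder bytes, not a real program

if __name__ == "__main__":
    for name, blob in (("clean.png", CLEAN), ("suspect.png", SUSPECT)):
        print(name, classify(blob))
```

 A file flagged this way still renders normally in a viewer, which is why the check parses the chunk stream instead of relying on
 whether the picture opens.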