My old computer was severely infected with viruses. So badly that
the viruses cut off task manager, changed my background to a screen
warning me about spyware and also tries to restart my computer every
five minutes. My anti virus pops up with a new virus its found every
few minutes as well. I’m not really interested in fixing the old
computer. I’m purchasing a new one in a week or so. My question is can
these viruses I have be transferred through pictures I have put on a
cd-rom? These are priceless pictures. My mother who uses the same
computer as me would be devastated if I couldn’t put these on the new
computer.
Short answer: probably not. In fact it’s highly unlikely that
viruses actually travel in pictures.
However, there are a few things to be aware of, and a few steps that
will increase the security of your result.
]]>
In general, you’re probably quite safe. It’s highly unlikely that a picture you had prior to an infection became infected. In fact it’s so unlikely that in your shoes, I’d probably do nothing about them.
There are some cases where pictures can in fact carry viruses, but once again even that is extremely rare. Typically, a virus-carrying picture must be created by someone with malicious intent, so they’re not going to infect existing photos. When they first appeared they were placed on websites so that visitors would be infected.
These images also take advantage of vulnerabilities that have long been fixed by Microsoft, so making sure your system is up-to-date with the latest patches also goes a long way to ensure that you’re safe even if by some change you did happen to have one.
The other picture-related vector for virus propagation is a picture that’s not a picture.
The name of a file is just that: a name, and nothing more. The operating system uses the file name as a hint of what to do with the file. For example, this means that Windows knows that “.jpg” files should be opened using an image viewer.
But there’s nothing that says a “.jpg” file needs to actually contain a picture. In fact, some exploits in the past have caused files of one type to be called something else. You see this all the time in virus-bearing email attachments where files might be called “.zip”, but in fact might contain a “.exe” executable that can then run and infect your machine.
The same thing has, at times, happened with “.jpg” files. Depending on how it’s done, and how up to date your system is, it’s possible for a virus to masquerade as a picture. If you attempt to view the picture, you get a virus instead.
But once again, these weren’t pictures to begin with; they’re scenarios that were specifically crafted to deceive.
If you have a picture that you know is a picture – particularly if it’s a picture you took with your own camera or scanned with your own scanner – then it’s extremely unlikely that it would become infected with a virus.
However there’s nothing wrong with double or triple checking.
So, here’s what I would do:
-
Burn the pictures to CD for safekeeping.
-
Run an up-to-date virus scan (or two) on the CD, making sure that it’s configured to check all files.
Assuming that comes up clean, then I’d consider those pictures perfectly safe.
Thank you, Leo!
I teach intro to computer science at a local junior college. You wouldn’t believe how much information I get from your columns to pass on to my students. I certainly do appreciate it.
Leo, have a look at this: http://www.switched.com/2008/11/03/sneaky-trojan-horse-swipes-data-on-500-000-bank-accounts/?icid=200100397x1212392818x1200794898
It’s not new, but how many get caught and how do you know if you are going to a dangerous site? With IE7 I use a free program named CallingID. It’s from Microsoft and although slow sometimes, warns about known sites one doesnt’ need to visit.
Haven’t seen an equivalent for other browsers, though.
the article was helpful but not so explanatory. how do i know a ‘picture that is not a picture?’. and if i were the guy who asked the question, how do i get rid of the virus? do i have to reformat my system?
06-Nov-2008
This article helps with my comprehension. Thanks a lot!!!
Hi,
I definitely have a worm on a CDR with some very valuable pictures on it.
What do I do now?
Thanks,
Carrie
19-Feb-2009
In an explorer window go to Tools->Folder options->view and un-check “hide extensions for known file types” option. This is one of the most dangerous defaults settings of all time.
It’s possible to name an executable file as for example picture.jpg.exe and if the extension is hidden you might be fooled into thinking you have a picture file. If you have a file with a double extension where the final extension is executable odds are high its a virus.
Also beware of screen saver files .scr. The name means screen saver but your computer handles it exactly the same as an .exe file.
ANY file can contain a virus, even picture files. An infected picture file would exploit a known weakness in your file viewer (the application that opens the infected file) to cause the viewer to execute malicious code stored in the picture. Software manufacturers are well aware of this and have taken steps to remove those weaknesses in mature applications.