Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Can a virus be transmitted in a picture?

Question:

My old computer was severely infected with viruses. So badly that
the viruses cut off task manager, changed my background to a screen
warning me about spyware and also tries to restart my computer every
five minutes. My anti virus pops up with a new virus its found every
few minutes as well. I’m not really interested in fixing the old
computer. I’m purchasing a new one in a week or so. My question is can
these viruses I have be transferred through pictures I have put on a
cd-rom? These are priceless pictures. My mother who uses the same
computer as me would be devastated if I couldn’t put these on the new
computer.

Short answer: probably not. In fact it’s highly unlikely that
viruses actually travel in pictures.

However, there are a few things to be aware of, and a few steps that
will increase the security of your result.

]]>

In general, you’re probably quite safe. It’s highly unlikely that a picture you had prior to an infection became infected. In fact it’s so unlikely that in your shoes, I’d probably do nothing about them.

There are some cases where pictures can in fact carry viruses, but once again even that is extremely rare. Typically, a virus-carrying picture must be created by someone with malicious intent, so they’re not going to infect existing photos. When they first appeared they were placed on websites so that visitors would be infected.

These images also take advantage of vulnerabilities that have long been fixed by Microsoft, so making sure your system is up-to-date with the latest patches also goes a long way to ensure that you’re safe even if by some change you did happen to have one.

“It’s highly unlikely that a picture you had prior to an infection became infected.”

The other picture-related vector for virus propagation is a picture that’s not a picture.

The name of a file is just that: a name, and nothing more. The operating system uses the file name as a hint of what to do with the file. For example, this means that Windows knows that “.jpg” files should be opened using an image viewer.

But there’s nothing that says a “.jpg” file needs to actually contain a picture. In fact, some exploits in the past have caused files of one type to be called something else. You see this all the time in virus-bearing email attachments where files might be called “.zip”, but in fact might contain a “.exe” executable that can then run and infect your machine.

The same thing has, at times, happened with “.jpg” files. Depending on how it’s done, and how up to date your system is, it’s possible for a virus to masquerade as a picture. If you attempt to view the picture, you get a virus instead.

But once again, these weren’t pictures to begin with; they’re scenarios that were specifically crafted to deceive.

If you have a picture that you know is a picture – particularly if it’s a picture you took with your own camera or scanned with your own scanner – then it’s extremely unlikely that it would become infected with a virus.

However there’s nothing wrong with double or triple checking.

So, here’s what I would do:

  • Burn the pictures to CD for safekeeping.

  • Run an up-to-date virus scan (or two) on the CD, making sure that it’s configured to check all files.

Assuming that comes up clean, then I’d consider those pictures perfectly safe.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

7 comments on “Can a virus be transmitted in a picture?”

  1. Thank you, Leo!
    I teach intro to computer science at a local junior college. You wouldn’t believe how much information I get from your columns to pass on to my students. I certainly do appreciate it.

    Reply
  2. Leo, have a look at this: http://www.switched.com/2008/11/03/sneaky-trojan-horse-swipes-data-on-500-000-bank-accounts/?icid=200100397x1212392818x1200794898
    It’s not new, but how many get caught and how do you know if you are going to a dangerous site? With IE7 I use a free program named CallingID. It’s from Microsoft and although slow sometimes, warns about known sites one doesnt’ need to visit.
    Haven’t seen an equivalent for other browsers, though.

    Reply
  3. the article was helpful but not so explanatory. how do i know a ‘picture that is not a picture?’. and if i were the guy who asked the question, how do i get rid of the virus? do i have to reformat my system?

    Good question. If the file is already on your machine you could, of course, run a virus scan to hopefully get rid of it. The problem is that these are most often used on malicious websites where you don’t have a chance to “look before you leap”. The best advice is simply to keep your machine up-to-date with Windows patches, since it’s unpatched machines that these things take advantage of, and stay away from questionable web sites. This article may help on what to do when you’re infected, regardless of the cause: My computer’s infected with a virus, how do I clean it up?

    – Leo
    06-Nov-2008
    Reply
  4. Hi,

    I definitely have a worm on a CDR with some very valuable pictures on it.

    What do I do now?

    Thanks,

    Carrie

    Disable autorun, copy the contents of your CD to your hard disk, run anti-virus scans (probably multiple, definitely making sure their databases are up to date), and then burn a new CD of the images.

    – Leo
    19-Feb-2009
    Reply
  5. In an explorer window go to Tools->Folder options->view and un-check “hide extensions for known file types” option. This is one of the most dangerous defaults settings of all time.

    It’s possible to name an executable file as for example picture.jpg.exe and if the extension is hidden you might be fooled into thinking you have a picture file. If you have a file with a double extension where the final extension is executable odds are high its a virus.

    Also beware of screen saver files .scr. The name means screen saver but your computer handles it exactly the same as an .exe file.

    Reply
  6. ANY file can contain a virus, even picture files. An infected picture file would exploit a known weakness in your file viewer (the application that opens the infected file) to cause the viewer to execute malicious code stored in the picture. Software manufacturers are well aware of this and have taken steps to remove those weaknesses in mature applications.

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.