Ok here’s a head scratcher - I’ll tell you the story first.
An employee at my company took a picture of a piece of equipment with his Galaxy Note smartphone. He sent that picture via text message to my boss’s phone, a Blackberry Bold (the newest one Verizon offers).
My boss saved that picture to his phone, and then sent it to his own email address, so he could view it on his computer, and zoom in on the part of the equipment that needed repairs. He opened the email by simply double clicking the attachment in Microsoft Outlook - so “Windows Picture Viewer” being the default program, opened up the .jpeg file. He closed the image. Around this time, my boss said he started getting random advertisements pertaining to a variety of products, and every time he opened Internet Explorer, had a “Script Error” message. He just closed the window with the red X in the corner, and gave up browsing the internet after a few tries. No further issues. Didn’t notice anything out of the ordinary with that…and proceeded as though all was right with the world. (clearly it was not)
He forwarded that picture via email to me. I didn’t open the picture. I “previewed” it in Outlook, and then forwarded it onto my secretary to print out and attach to our job file. No ill effects for me.
My boss asks me to come take a look at his computer, and try to figure out what’s wrong with his browser…before you know it, we’ve got dozens of open Internet Explorer instances all with the same “Script Error” message.
My secretary opened the .jpeg the same way, double clicking the attachment and Windows Picture Viewer opened it. She immediately got hundreds of Internet Explorer windows opening up, with a “Script Error” message each time. She unplugged the computer. Upon reboot, she deleted the email, and didn’t have any other problems.
Our “computer guy” - he’s actually an industrial PLC programmer, but knows his way around operating systems - spent the better part of the day trying to restore normal operation to my boss’s PC. Ended up having to boot to a flash drive containing a Linux-based “Comodo” something or other, and eventually used Norton Power Eraser to remove the virus. It was “Win32/Qakbot”.
He scanned my secretary’s computer also, but found no traces of anything malicious.
Where did this virus come from? Everybody wants to blame the original employee who took the picture - since opening the picture (on two different PCs) initiated the virus attack. But that picture passed through my boss’s phone also - and his email box is the most cluttered mess I’ve ever seen. Spam a-plenty. Any ideas on whose phone or PC to throw into a fire?
Also, I’ve done a lot of reading on viruses being contained within a .jpeg - the consensus is that the .jpeg itself can’t be a virus, as it’s not a .exe, however a virus can somehow mask itself to appear as a legitimate .jpeg and even contain the information to allow you to view a .jpeg, which makes it impossible to detect without looking at a non-truncated (which Outlook does all the time) file name. So I’m not saying the picture was a virus, but it certainly provided the vehicle for the virus to ride along on.
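
An added example, not part of the original post: a Python check an analyst could run on a saved copy of an attachment like the one described, comparing the full file name against the actual content. The function names, extension lists and sample bytes are assumptions constructed for illustration.

```python
IMAGE_EXTS = {".jpg", ".jpeg"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}

def jpeg_end(data):
    """Offset just past the JPEG end marker (FF D9), or None if malformed."""
    if data[:3] != b"\xff\xd8\xff":            # must open with SOI + a marker
        return None
    i = 2
    while i + 2 <= len(data):
        if data[i] != 0xFF:
            return None
        marker = data[i + 1]
        if marker == 0xD9:                     # EOI: the image ends here
            return i + 2
        if marker == 0xFF or marker == 0x01 or 0xD0 <= marker <= 0xD7:
            i += 1 if marker == 0xFF else 2    # fill byte, or marker with no length
            continue
        seglen = int.from_bytes(data[i + 2:i + 4], "big")
        if i + 4 > len(data) or seglen < 2:
            return None
        i += 2 + seglen
        if marker == 0xDA:                     # SOS: skip entropy-coded data
            while i + 1 < len(data):
                nxt = data[i + 1]
                if data[i] == 0xFF and nxt not in (0x00, 0xFF) and not 0xD0 <= nxt <= 0xD7:
                    break
                i += 1
            else:
                return None                    # ran out of data: truncated
    return None

def inspect_attachment(filename, data):
    """Return a list of findings for one attachment (empty list = nothing odd)."""
    findings = []
    exts = ["." + p.strip() for p in filename.lower().split(".")[1:]]
    if exts and exts[-1] in EXEC_EXTS and any(e in IMAGE_EXTS for e in exts[:-1]):
        findings.append("double extension: executable named like an image")
    end = jpeg_end(data)
    if data[:2] == b"MZ":
        findings.append("content starts with MZ (Windows executable header)")
    elif exts and exts[-1] in IMAGE_EXTS and end is None:
        findings.append("named as JPEG but content is not a well-formed JPEG")
    if end is not None and end < len(data):
        findings.append(f"{len(data) - end} bytes appended after JPEG end marker")
    return findings

# Constructed sample: marker-valid JPEG skeleton (SOI, APP0, SOS, data, EOI).
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x04JF\xff\xda\x00\x02\x12\xff\x00\x34\xff\xd9"
```

Bytes after the end marker also occur in benign files (some cameras and editors append metadata), so that finding is a reason to look closer rather than a verdict.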