jpg.vbs

So send me email from that address and I’ll send it to you.
:slight_smile:

Isn’t it possible to create a VBS file containing an image, which brings up the image (among other things) when the script is run? If that’s the case, then anyone who looked at the jpeg should really consider checking their hard drive for any more double-extension files that magically appeared there.

You got it. :slight_smile:

I just got the file. It isn’t a virus at all. The .vbs extension merely causes the image to launch itself into an editor. If you don’t believe it, just drop the “.vbs” extension from the file name and double-click it.

Well, that was a whole lot of nothing! :slight_smile:

Chronos is correct. There may well be a legitimate .jpg file contained within the file, but the malicious code is run before the .jpg image is displayed, followed by the .jpg image being displayed, so the average user will not suspect any foul play, since what seemed like an image file was indeed an image file, but unknown to them it also ran some malicious code before the image itself was displayed.

evilhanz is also correct. It could just be a simple script set to launch the image in a viewer, so I’m not saying that the file you guys have includes malicious code; all I’m saying is that it is possible that it does, and if it does you might not even notice it 'coz all that you’ll see is the image itself.

Now, evilhanz, it’s also unlikely, though possible, that the script is only set to launch the .jpg image in a viewer. This is because if you take any .jpg file without a .vbs extension and double click it, it will automatically launch in a viewer anyways, so the .vbs script is rather redundant.

So, to sum it up, the .vbs script in this particular case might not be malicious, but it is very likely that any file sent to you via email with a .vbs extension has malicious code.

Anthracite, you could probably try to forward the mail with the attachment to another email address that will allow you to download it as-is.

xash - I examined a copy of the file. The original was found in a PrintShop directory and not sent via email - the normal distribution path for malicious scripts. After looking at the file every which way, I concluded that there is no code. If you examine the file with a hex editor, you’ll see properly defined image headers. It is a legitimate image file.

This is one of those rare instances where a .vbs file does what it’s supposed to. :slight_smile:
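An added example (not code from any poster in this thread) of the two checks discussed above: flagging double-extension file names and reading the JPEG markers a hex editor would show instead of trusting the name. The file names and byte strings are constructed samples, and the marker test only inspects the start and end of the data; it does not prove the image decodes.

```python
import os

# Final extensions Windows runs on double-click vs. inner ones users read as harmless.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".exe", ".scr"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".txt", ".doc", ".pdf"}


def has_double_extension(name):
    """True for names like 'picture.jpg.vbs': a decoy extension followed by a runnable one."""
    stem, last = os.path.splitext(name.lower())
    _, inner = os.path.splitext(stem)
    return last in SCRIPT_EXTS and inner in DECOY_EXTS


def classify_content(data):
    """Classify raw bytes by JPEG markers, ignoring whatever the file is called."""
    if not data.startswith(b"\xff\xd8\xff"):  # SOI marker plus first byte of the next marker
        printable = sum(b in b"\t\r\n" or 32 <= b < 127 for b in data)
        return "script-like-text" if data and printable / len(data) > 0.95 else "unknown"
    end = data.rfind(b"\xff\xd9")  # last EOI marker; embedded thumbnails carry their own
    if end == -1:
        return "jpeg-truncated"
    trailing = data[end + 2:].strip(b"\x00\r\n ")
    return "jpeg+trailing-data" if trailing else "jpeg"


def triage(name, data):
    """Combine the name check and the content check into one record."""
    return {"name": name,
            "double_ext": has_double_extension(name),
            "content": classify_content(data)}


# Constructed samples: a JPEG marker skeleton (not a decodable picture) and variants.
MINIMAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 9 + b"\xff\xd9"
SAMPLES = {
    "picture.jpg.vbs": MINIMAL_JPEG,                      # image bytes, misleading name
    "holiday.jpg.vbs": b"' constructed script text\r\nOption Explicit\r\n",
    "card.jpg": MINIMAL_JPEG + b"\r\nAPPENDED BYTES\r\n",  # data after the end marker
    "photo.jpg": MINIMAL_JPEG,
}

if __name__ == "__main__":
    for sample_name, sample_data in SAMPLES.items():
        print(triage(sample_name, sample_data))
```

A file that reports `double_ext: True` with `content: jpeg` matches the case described in the post above; `script-like-text` or `jpeg+trailing-data` is the case worth opening in a hex editor before anything else.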

So that lays it to rest then…thanks evilhanz.

evilhanz, your name suggests that we now get together and write some malicious code :slight_smile: and spread it via dopefest while no one’s lookin’ :slight_smile:

Being as it is a VBS file I can see no reason to have the JPG part in the name other than to trick other people into thinking it is JPG.

To mail it through hotmail can’t you just change the extension? Then hotmail will not scan it but you still get to see the insides.

PCWORLD just did a review of antivirus software and I believe it was Panda that came out on top.
Article on Panda
Article on AV software