There’s a bit of a myth that JPEG files can’t contain viruses. This isn’t true. JPEG files can contain a virus.
However, for the virus to be activated the JPEG file needs to be ‘executed’, or run. Because a JPEG file is an image file the virus won’t be ‘released’ until the image is processed.
It’s only an image
The truth is that images can play a big part in hiding malicious code.
- For instance a JPEG, or other type of image file, can easily contain additional bits of data without noticeably affecting the image's appearance.
- This additional data can include code, which is encrypted to make it harder to identify. Such an image can't do much by itself.
- But malware developers often break up their code into multiple pieces and distribute them separately to avoid detection. For instance the information hidden in a picture could contain instructions useful to another piece of malware on your computer.
- Several years ago the notorious Zeus banking trojan, which steals personal banking information, disguised some configuration code in a digital photo
- This code was designed to activate Zeus when the user of an infected computer visited the websites of targeted banks such as Deutsche Bank, Wells Fargo and Barclays.
That said there are a growing number of instances in which hackers subvert online banner ads, and ads on website, by manipulating the pixels and replacing some of them with malicious code.
To avoid falling victim to malicious code in Jpegs and other image files make sure your operating system, browser, and antivirus software are always updated.