.... Internet marketing resources, ecommerce web site design tutorials
  Taming the Beast - quality web marketing and ecommerce development services .... .


Return to web marketing and ecommerce articles index

Articles - Perrun Virus - The end of innocence?

Over the last few years, we've seen several particularly nasty families of viruses spring forth from the fantasies of virus writers. Notably amongst them are the Word Macro viruses, which can infect documents. Nimda was a blended threat, not only attacking via email but you could also be infected by visiting an infected web page - without actually clicking on anything. Email worms like SirCam grabbed files from your drive, infected them and then sent them on to others.

Not so long ago, it was quite safe to be surfing and to read email without an anti-virus program running in the background - you just needed to be careful. Those days were over with the arrival of the email worms and Nimda.

One of the last bastions of safety has been in images. The photos we sent to each other were safe to view without fearing virus infection. 

As of June 13 2002, this may not be the case any more....

Introducing Perrun - another "Concept" virus.

This "proof of concept" virus was sent to McAffee researchers by a virus writer a few days ago. A "proof of concept" virus is just a term that refers to the virus being a prototype. Called "Perrun," it is of particular concern as it is the first virus to facilitate infection via the viewing of image files. And it doesn't stop with images. Any type of file is now at risk.

It isn't uncommon for virus writers to send their creation to researchers - but at the same time, they usually send copies to other virus writers. Mutations begin appearing - usually "bigger and better" than the original malicious program.

The Perrun Virus in its current state is of very little threat, but who knows how long it will be before the full-strength mutation is created and released. It could be today, tomorrow or next year - but the point is that all computer users and web masters need to ensure that their antivirus program is updated on a continual basis. It only takes one missed update to put your systems at risk.

Update your Anti Virus Software regularly

Recently an associate learned this the hard way. He went away for a couple of weeks on vacation, came back and checked his mail - the Klez virus was waiting for him. While he was away, the Klez virus had been released so his AV software didn't "know" about it. By the time he carried out an anti-virus update, it was too late and Klez had compromised his system. Everyone in his address book was affected. For hobbyist PC users, situations like this are frustrating and embarassing. If you are a business user or webmaster and your system is compromised with an email worm, it could well mean business suicide if the infestation is traced back to you.

Perrun injects virus code into image files. When the image is opened, other images are then infected - but it doesn't stop there, the virus could be made to alter system files and propagate via other means. At present, the virus arrives as an executable attachment, so it's easy to visually detect - for the moment. As a general practice, you should never open attachments unless they have been scanned by an up-to-date AV program. If you don't have an AV program and can't afford to buy one, see the notes below.

Once the attachment is executed, it then installs a program onto the hard drive. When a .JPG image file is opened, it is infected before it can be viewed - but it is still viewable, which prevents the victim from becoming suspicious; therefore increasing it's chances of propagation through the image being sent to others. Only JPEGs in the current directory are infected, and only one file is infected per cycle. 

Again, while the Perrun virus is of minimal risk in it's present form as infected images don't alter system files and it requires the "loader" program being already present on the system, don't count on this being the case for too long. The Perrun virus affects Windows 3.x, Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP and Windows Me operating systems.

Free Antivirus Software:

We've been using AVG from Grisoft for some time now, on a Windows ME and Windows 98 system and are happy to say that even though we are bombarded by hundreds of viruses every month, not one has slipped through. If you would like a totally free copy of AVG, go to:


It's great to see some AV companies are still providing high quality freeware AV programs that actually work as well as their premium counterparts. AVG has been an absolute dream to use.

Further learning resources

Real time Virus infection map:

Watch virus progress across the globe with this world chart thats updated in real time (best viewed in 1024x768):


Symantec (Perrun data)

A lesson called Nimda

Michael Bloch
Taming the Beast
Tutorials, web content, tools and software.
Web Marketing, Internet Development & Ecommerce Resources

Copyright information.... This article is free for reproduction but must be reproduced in its entirety & this copyright statement must be included. Visit http://www.tamingthebeast.net  for free Internet marketing and web development articles, tutorials and tools! Subscribe for free to our popular ecommerce/web design ezine!

Click here to view article index 

RoboForm: Free Password Manager

Free Password Manager
Roboform is a top-rated Password Manager - PC Magazine Editor's Choice, & CNET Download.com's Software of the Year. Encrypt passwords using AES, Blowfish, RC6, 3-DES or 1-DES algorithms Free software download!






Get paid cash taking online surveys - free to join online 
survey companies that will pay you cash for your opinion!

In Loving Memory - Mignon Ann Bloch

copyright (c) 1999-2011  Taming the Beast  Adelaide - South Australia 

Profile - Contact - Privacy - Consultants Portfolio 

Search Site - Terms of Service - Social/environmental