[schoen]

In the late 1990s there were a ton of hoaxes about image files supposedly being viruses. Most famously:

https://en.wikipedia.org/wiki/Goodtimes_virus

I remember telling lots of people at the time that this was impossible, because images weren't executable code, and viruses spread through running programs, not through viewing images.

Unfortunately, this elegant, straightforward distinction didn't hold up over time. :-(

https://en.wikipedia.org/wiki/Weird_machine

[nomel]

> Unfortunately, this elegant, straightforward distinction didn't hold up over time. :-(

I think it was more that it was never true, rather than not holding up in time. ;)

The earliest I can find is a vulnerability in Netscape 3.0 (1996), not found until four years later:

https://www.openwall.com/articles/JPEG-COM-Marker-Vulnerabil...

[thrashh]

You just need a buffer overflow in a file format parser.

Thus the distinction has never existed. There has never been such thing as a “safe” format.

[anshumankmr]

>because images weren't executable code

I believe that is what the creators of this virus must be relying on. All I hope is that creating this image virus doesn't become common knowledge (cause that we will fundamentally reshape how we interact on social media).

[krisoft]

> All I hope is that creating this image virus doesn't become common knowledge

All I hope is that devs start replacing parsers with ones written in a safe language.