Can viruses hide and launch from backed up docs, photos, etc?

RegEdit

Can viruses hide inside documents, spreadsheets, photos, etc when we're talking about just a backup of "documents and settings" on a USB drive? If so wouldn't the virus have to be launched via a .exe file to do damage if opened from another virus free computer?

So when I back up a customer's data to a USB drive should I run a virus scan of that data and quarantine it or give it to them "as is"? Obviously a virus scan is "destructive" so that's the only reason I would be hesitant.
 
Good question. The unfortunate answer is yes. If the operating system, or image/word/etc viewing application is vulnerable, and the image was crafted to exploit that application and execute a payload, it could do just about anything an executable could do. This doesn't happen extremely often, but it does happen.

I would advise just keeping your software patched, should be enough to filter out most of the exploits, but unfortunately, not all of 'em.
 
But here's the deal... Their computer was badly infected and they want to wipe the drive and do a reinstall (usually I recommend a new HD, but they don't want to spend any extra $$). They have critical data, so I backed up their Document and Settings data using the XCOPY DOS command prompt to their USB drive. I am going to give them the drive so that they can verify that their critical documents are all safe BEFORE I wipe the drive. The question is whether or not to run a couple of virus scans on their data before I pass it off to them.

I'm thinking that I should ALSO image their entire infected C drive for safety, then virus scan the documents and settings that I XCOPY'ed. Yeah?
 
I would. You want to protect your customer and a little extra effort to be sure could save you time in the long run. Also isn't a bad idea to image in case something goes wrong.
 
So when a virus lurks in USB drive data that was transferred over from an infected computer, what has to happen for it to infect a new machine? Does an .exe file pop up? Do these viruses need "help" from the user? If there's no infection in the new computer what is gonna bring these viruses to life? Doesn't seem likely.
 
You're far, far more likely to transfer the virus over from the usb drive autorun or similar than from data consisting of non-executables like jpgs etc.
 
Yes, but chances are the infected files would need to be run again to start the ball rolling.

So when a virus lurks in USB drive data that was transferred over from an infected computer, what has to happen for it to infect a new machine? Does an .exe file pop up? Do these viruses need "help" from the user? If there's no infection in the new computer what is gonna bring these viruses to life? Doesn't seem likely.

Most USB viruses will copy the executable to the USB drive and drop an autorun.inf file. All you would need to do is plug the USB drive into a new computer and it would be infected if the AV didn't catch it (provided that autorun was switched on, which it is by default).
 
I tend to see them come from my drive images just from copying them back to the new install all the time. Fortunately, my AV/Malware protection catches them during the copy. AV/Malware scans are a must before backup for security of your customer and internal network.
 
Yes, but chances are the infected files would need to be run again to start the ball rolling.
Came to add this. Autorun infections, DOC macros, JPG infections (requiring Office) and so on... they all need to be run/opened to work.

Don't know that I've ever heard of a passive infection. Anyone?
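
A read-only triage pass over a backup like the one discussed in this thread, as an added example that is not part of the original posts: it lists the files that can run or carry macros (autorun.inf, executables hidden behind a data extension, macro-capable Office files) without quarantining or changing anything. The function names, extension list and sample files are constructed for illustration, and the listing complements an AV scan rather than replacing it.

```python
import os, tempfile, zipfile

MZ = b"MZ"                                  # DOS/PE executable header
OLE2 = bytes.fromhex("d0cf11e0a1b11ae1")    # legacy Office (.doc/.xls/.ppt) container
SCRIPT_EXTS = {".bat", ".cmd", ".com", ".js", ".lnk", ".pif", ".scr", ".vbs"}

def classify(path):
    """Return why a file deserves review before restore, or None. Read-only."""
    name = os.path.basename(path).lower()
    ext = os.path.splitext(name)[1]
    if name == "autorun.inf":
        return "autorun.inf"
    with open(path, "rb") as fh:
        head = fh.read(8)
    if head.startswith(MZ):                 # content decides, not the file name
        return "executable content (MZ header), extension " + (ext or "none")
    if ext in SCRIPT_EXTS:
        return "script or shortcut extension " + ext
    if head == OLE2 and ext in {".doc", ".xls", ".ppt"}:
        return "legacy Office document, may carry macros"
    try:
        with zipfile.ZipFile(path) as z:    # .docm/.xlsm and friends are ZIP files
            if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                return "Office document with a VBA macro project"
    except (zipfile.BadZipFile, OSError):
        pass                                # not a ZIP-based file
    return None

def scan(root):
    """Walk a backup tree and list (relative path, reason) without changing it."""
    paths = (os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs)
    found = ((os.path.relpath(p, root), classify(p)) for p in paths)
    return sorted(hit for hit in found if hit[1])

def demo():
    """Build a small constructed backup tree (sample data, not real files) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"autorun.inf": b"[autorun]\r\n", "holiday.jpg": b"MZ\x90\x00" + b"\0" * 60,
                   "photo.jpg": b"\xff\xd8\xff\xe0" + b"\0" * 60, "letter.doc": OLE2 + b"\0" * 504}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        for name, member in (("report.docm", "word/vbaProject.bin"), ("notes.docx", "word/document.xml")):
            with zipfile.ZipFile(os.path.join(root, name), "w") as z:
                z.writestr(member, b"constructed")
        return scan(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

To use it on a real backup, call `scan()` with the root of the copied folder; a flagged file is a candidate for closer inspection, not a confirmed infection.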
 