1KB is much enough to call a Windows API that will download a virus from an URL available on an IRC site, and then run and install it. Don't forget that the needed DLLs toperform these calls are already linked into the JPEG renderer which is itself running in the context of the Internet Explorer process, so it has lots of capability. I'd say that danger starts only at 128 bytes of binary payload, or about 200 bytes if there are byte restrictions. But there has been exploits using even less bytes.

Don't forget that this code may also use data or code embedded within valid image file fragments (even if this part produces some "garbage" on screen if that part of the image was effectively rendered).

In addition, you can put this image on amaliciouswebsite whereit is downloaded along with multiple images containing other parts of the exploit code. This code could also be used to remove security restriction settings, that will be used immediately after by an active viral component downloaded from the same malicious page (this active viral component beingnormally blocked by security restrictions).

One common target you could perform within 1KB would be to set a domain into the "safe" security zone instead of the internet zone.

You can also control the sequencing order for these downloaded component, for example by using delayed HTTP redirects or delayed javascript redirects. With thosetypesofredirect, you have a content bodyto downloadthe first component, and later you'll goto the next page that performs the following action.

In all modern attacks, the first steps to viral infection is first to disable the security restrictions that will allow a virus or rootkit to be "trusted" by the host and then install itself without notice.

__________________
LimeWire is international. Help translate LimeWire to your own language.
Visit: http://www.limewire.org/translate.shtml