>I heard that an animated .gif or .jgp can have a virus in it. Is that right? How can such a thing work? What sort of code found in an image can be executed by Internet Explorer, Photo Editor, or any other common picture display program?

The basic idea of many attacks is to exploit some kind of vulnerability, some flaw in the code. An MP3 (for example) does not usually contain executable code, and if you do include machine code somewhere within an MP3, you wouldn't expect it to execute! The basic idea, however, is to use "malformed" data, data that somehow violates standard rules. If the receiving program doesn't expect a specific malformation, it may react strangely. Specifically, many flaws seem to cause a "buffer overflow", which may cause code in some otherwise unexpected location to execute.

So, for example, in the case of MP3, ways have been found to include malicious code (and run it!) both for older versions of WinAmp, and WinXP.

Some examples of exploits in networking include overlapping TCP segments, and the so-called "ping of death".

In the first case, a data stream is divided into "packets", with a typical size (I believe) of 1500 bytes. So, the first packet (of an FTP download, for instance) will have bytes 1-1500, the second packet, bytes #1501-3000, asf.

If you make the bytes overlap, for instance, packet #1 = bytes 1-1500, packet #2, bytes 1001-2500, then the receiving program might just hang. (While this probably won't run specific code, it will quickly bring a server down - a DOS attack.)

And the "ping of death", is simply an IP packet which is bigger than the allowable limit of 65KB. (This can pass public networks, making use of packet fragmentation.) Once again, if the receiving end isn't prepared for this "malformation", a single data packet can bring a server down.