Using JPEGs to Detect Malware Downloads

The attackers were embedding a very small footprint payload into a JPEG of the old Windows logo. The limit to this technique is you can only encode a relatively small amount of data before it becomes obvious that something is up if you actually care to look at it. It's not like they're sending the image in just by looking at the image you're going to get the malware, or you double clicking on the image it's going to run the malware.