"Normal antivirus software, by default, will not detect JPEGs," Hypponen said. "You can set your antivirus scanner to look for JPEG, but the trouble is that you can change the file extension on a JPEG to so many things."
There are about 11 file name extensions to which JPEGs can be changed, including .icon or .jpg2. Hypponen said this would make finding malicious JPEGs even more difficult; searching could take up a significant amount of valuable processor power.
Internet Explorer processes JPEGs before it caches them. That could also mean that desktops may become infected before antivirus software has a chance to work.
"This means that it is not enough to scan at the desktop," Hypponen said. "You have to scan at the gateway, but this will put a huge load on your bandwidth."