An old thread but a valid and interesting question. This question sometimes arises at sites using scanning and OCR solutions. Some solutions use TIF internally, like Kofax Capture, previously Ascent Capture, from Kofax. Having a vira scan of each TIF being produced at a scanning pc using a high performance document scanner may be regarded as an unwanted bottle neck by some.
With respect, I think that the comments made here are not really fully answering the question made.
The question is - as I read it - specifically about "JPG or TIF files" and about "viruses in" these type of files.
The question does say " of viruses in JPG or TIF files".
I think the answer "Attackers could use image files to infect compuetrs, oftenly called as steganography." is incorrect and misleading in this case. Again, the question was about JPG and TIF files.
The term steganography isn't technicaly correct for this either in my opinion.
The link given in the other comment is about an exploit of Microsoft Internet Explorer support of the Windows Metafile (WMF) image format. As I see it, this is slightly off the target, even if a WMF indeed was renamed or part of a double file requirement it is not really a question of having a virus in an actual TIF file.
You need a flaw in the OS or an application with a specific flaw, like Internet Explorer in the mentioned link, to trigger anything and many people are likely to open TIF files with existing rather specific TIF-viewers (Internet Explorer still lacks a native support for TIF. At least up to version 8 of IE).
You will most probably get an error trying to open a re-named TIF in a viewer not supporting the file format. If the viewer doesn’t automatically tries for other formats capabilities it seems highly unlikely the viewer would trigger any exploit based on these other formats.
Considering where TIF are mostly likely to be found due to its age, history and characteristics, the question "of viruses in TIF files" would make good to be answered pretty specifically and not in general terms.
I can’t tell on JPG but as for TIF I say “No” until proven otherwise. A guess for JPG would be the same as for TIF, but I haven’t looked into the specs for it so I can't say. JPG isn't in my book.
I am saying a TIF file (TIF/TIFF, standard up to the latest commonly known addition to base line version 6) technically cannot work as a virus. A two part approach with an intentionally AND a specifically compromised TIF interpreter together with a specifically tailored TIF would be another matter altogether and shouldn’t be mixed up with vira discussions.
Basically, IF one could already switch or insert any hostile machine instructions in location A (source) and location B (target), why bother triggering any viral capabilities by viewing a hostile data file at location B? Rather cumbersome and farfetched logical bomb. More so, not really a virus at all.
If you have compromised and replaced the instructions (code) in location B you could very well look for anything else at the target instead of some bytes inside a TIF file. The question was not if it was possible to get Trojans in a JPG- or TIF-viewer, but if the data files (images) themselves could have viruses/be viruses.
TIF has been around for ages, but I think there isn’t a single verified case of a TIF file actually being a virus.
The well known ability to hide information or even hidden instructions in a valid image (think steganography) is pointless and potentially misleading to discuss in terms of virus in actual tif files.