So I understand that a method used by some virii is to run code that is say attached to a picture that has been cached from visiting a website.

How does a program run such code?

For example, I attach the binary for MOV eax, 5 or whatever to the end of a .jpg

I write a program that has the .jpg size and where my binary is located hard coded into the app. but how does the program run that code?

Is this code injection?

They exploit vulnerabilities in library code -- usually buffer overflows -- to overwrite code or stack data, thus allowing the execution of arbitrary code. This is the main reason not to use scanf().

huh, that is beyond me.

So the arbitrary code could be read into a char array, then a buffer overflow would change a functions return address to the char array.

For example, yes.

cool, thanks, I am not writing a virus, but find it fascinating. I found a good text about it at destroy.net