JPG's themselves are exploitable. But as far as I know there has never been any record of a virus 'in the wild' which can do this.

There is and not limited to JPG. The thing is though it is not common and the simple reason for that is that there are far easier and more productive (for want of a better term) ways of nailing people. To many it is much more fun to visualise the damage one can do and the easiest way to achieve that is to distribute trojans that work from mIRC or distribute a dedicated DDoS bot, many of which are bigger than mIRC, 2MB +, and extremely powerful war machines at that.

As an example and without naming the programme, I know of a DDoS bot that can pick and choose from 1000's of nicks, user ID's and 'full names', which are also at randomly variable lengths. The same thing can also hunt down any available proxies it can find anywhere in the world and use such proxies to join IRC networks. And this animal doesn't need to sit in a channel either, there is only one copy needed. Why waste time trying to offload bad pics when you can do it this way and watch it working?