Sure you can, for steganographic purposes. It doesnt mean it will get executed to, you would need a .jpg that exploits some image viewer vulnerability for that. Holes like that have existed in the past, and probably more exists that is yet to be found or is not yet public (aka 0-day)
I think OP's idea is to go through the 5000 odd user names on this forum picking out all the users with associated email address's to send a picture to with an embedded keyloger or trojan! you can get 0-day exploits on I-frame but they're 10's of thousands of dollars. OP's best bet might be house burglary instead.