Tag Archives: malware

Malware in a PNG file (for real)

Posted on December 9, 2016 | Comments Off on Malware in a PNG file (for real)

Not every report of malware in an image file is spurious. A report of malware smuggled through a PNG file looks plausible to me. It claims that for two years, criminals got malware undetected onto respectable sites with this technique. Ironically, the ads included ones for a so-called “Browser Defence.”

Unlike Check Point’s “Imagegate,” this report doesn’t claim the image alone can do anything, and it describes the technique in considerable detail. Check Point said it would give specifics about “Imagegate,” like what format is affected, “only after the remediation of the vulnerability in the major affected websites.” It’s still waiting, apparently.

The PNG exploit is impressively sneaky. A script which doesn’t trigger alarms checks the host browser’s defenses. If it finds a vulnerable target, it loads a PNG file whose alpha channel encodes the malware script, then decodes the script and runs it. The actual malware takes advantage of — wouldn’t you know it? — Flash vulnerabilities. The user doesn’t have to do anything except view the page to be victimized.

This doesn’t mean any PNG file is dangerous in itself. An external script has to extract the JavaScript from the alpha channel and run it. So this counts as an exploit of a file format, but not as a vulnerability in it. Malicious code can be embedded in any format that has room for some noise in its data.

Attacks like this are why ad blockers have become so popular.

Comments Off on Malware in a PNG file (for real)

Posted in commentary, News

Tagged ,

Sloppy reporting of image file hazards

Posted on November 26, 2016 | Comments Off on Sloppy reporting of image file hazards

Reporting carries responsibility. When you tell the public about a risk, you need to tell them what the risk is, not just scare them. An article from Check Point Software Technologies, titled “ImageGate,” shows how bad even tech sites can get at clickbait reporting. According to Wikipedia, Check Point is a business with thousands of employees, not a hole-in-the-wall IT company that hires ghostwriters to write filler.

The article claims:

the attackers have built a new capability to embed malicious code into an image file and successfully upload it to the social media website. The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file. This results in infection of the users’ device as soon as the end-user clicks on the downloaded file.

Continue reading

Comments Off on Sloppy reporting of image file hazards

Posted in commentary

Tagged ,

Possible malware

Posted on January 26, 2012 | Comments Off on Possible malware

My filter has been catching spam comments promoting seoplugins dot org (I don’t want WordPress turning that into a link). A web search discloses that their spam has slipped past the filters at quite a number of sites.

Software promoted by spam comments is almost never legitimate and is often malicious. SEO is “search engine optimization” and is a favorite field for unsavory characters preying on site owners’ desperation for more hits. I suggest giving these people a wide berth.

Comments Off on Possible malware

Posted in administrative

Tagged ,