Anonymous ID: 3b3992 Oct. 15, 2018, 2:04 p.m. No.3487826 >>7954

Clickbait

The most common way for anyone to get infected is through a social engineering attack; 77% of all infections are caused by social engineering. Clicking on a link or on an image, e.g. "Cute Pepe", is an example of being socially engineered into clicking the link.

Images Can Contain Malware

Cybercriminals use images in a number of ways to infect your computer. In most cases, the photo itself is harmless; it's just a trick to get you to do something stupid. But sometimes, a .jpg file itself will contain malicious code.

And finally, there's steganography, which in a digital context means the art of hiding data in another type of file. A .jpg can easily contain additional bits interwoven within the image, without noticeably affecting the image's appearance. That additional data can include code, which is encrypted to make it harder to identify.

Luckily, such an altered image can't do much by itself. No image viewer will see or know what to do with that code, even if it isn't encrypted. But malware developers often break up their code into multiple pieces and distribute them separately to avoid detection. The information hidden in a picture could contain instructions useful to another piece of malware on your computer. See Zeus banking malware hides crucial file inside a photo for one recent example.

https://www.pcworld.com/article/2098620/zeus-banking-malware-nestles-a-crucial-file-in-a-photo.html

Be wary of photos whose origins you don't know.

And finally, have Windows show you file extensions so you won't be fooled. In the Start menu's Search field, or in Windows 8's Search charm, type "folder options". Select Folder Options. On the View tab, uncheck "Hide extensions for known file types".

https://www.pcworld.com/article/2105408/3/watch-out-for-photos-containing-malware.html

Images Causing Buffer Overflows Can Inject Malware

You're correct that your OS will pick a program and ask it to open the image. The OS will not ask the program to execute the image — that would be nonsense.

However, images are complex formats and often contain metadata and other parts that are not directly shown; you can hide stuff in there without affecting the image on the screen. So there might be hostile data lurking inside the image file.

Furthermore, programs can have bugs, in particular buffer overflows. Briefly, a virus can exploit this by putting too much data into the metadata sections, more than the program that decodes the image expects. The internal buffers overflow and, with enough skill, a virus writer is able to put executable code into the right place in memory so that the program that decodes the image will end up executing the code. That way an innocent and "dead" file like an image can host an exploit.

https://stackoverflow.com/questions/9675941/how-can-a-virus-exist-in-an-image

Javascript Malware

Better said, a user like you or me could get infected with malware without doing anything other than browsing a website.

So we made it our mission to explain JavaScript malware in simple terms, so anyone can learn how to protect their data against this threat.

https://heimdalsecurity.com/blog/javascript-malware-explained/

I-Frame Injections Using PNG Image Metadata

Understanding an iFrame Injection

The iframe HTML tag is very standard today; it's an easy way to embed content from another site into your own. It's supported by almost all browsers and employed by millions of websites today. Use Adsense? Then you have an iframe embedded within your site too.

Pretty nifty, I know. Like with most things though, the good is always accompanied with the bad.

In today’s attacks, especially when we’re talking about drive-by-downloads, leveraging the iframe tag is often the preferred method. It’s simple and easy, and with a few attribute modifications, the attacker is able to embed code from another site, often compromised, and load something via the client’s browser without them knowing (silently).

New iFrame Injection Method

Today however we found an interesting type of iframe injection.

It’s taking the normal behavior of an iframe injection, embedding it within the meta of the PNG file, and just like that we have a new distribution mechanism.

They use createElement to create an iframe.

They place the iframe out of view via the elm.style.position.left and elm.style.position.top elements, positioning the image at -1000px.

That’s right, you can’t see a negative placement in your browser. Everything you see is positive.

But you know who can see negative placement? That’s right, the browser itself, and so does Google.

A nice little technique both for drive-by-download and Search Engine Poisoning (SEP) attacks.

https://blog.sucuri.net/2014/02/new-iframe-injections-leverage-png-image-metadata.html
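Added example, not part of the post or of the PCWorld, StackOverflow, Heimdal or Sucuri articles it quotes. It ties two of the quoted points together in code: the StackOverflow answer's overflow vector (a decoder that trusts an oversized length field in image metadata) and the Sucuri finding (an iframe payload carried in a PNG's metadata chunks). The walker below checks every PNG chunk's declared length against the bytes actually present before touching the data, bounds the tEXt keyword copy the way the PNG spec requires (1 to 79 bytes plus a NUL) instead of copying the declared length into a fixed buffer, and flags tEXt chunks containing `<iframe`, `<script` or `createElement`. The marker list, the sample files (built in memory, not real malware) and the choice to skip CRC verification are all assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Bounds-checked PNG chunk walker (example code). The declared chunk length must
 * fit inside the bytes actually present; a decoder that trusts it and copies into
 * a fixed buffer is the overflow class the StackOverflow quote describes. tEXt
 * chunks are inspected for the markers of a Sucuri-style iframe injection. */

enum png_status { PNG_OK = 0, PNG_BAD_SIG, PNG_TRUNCATED, PNG_CHUNK_TOO_LARGE };

struct png_scan { int chunks, text_chunks, suspicious; };

static const unsigned char PNG_SIG[8] = {0x89, 'P', 'N', 'G', 0x0d, 0x0a, 0x1a, 0x0a};

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Length-aware search: tEXt data has a NUL after the keyword, so strstr() would stop early. */
static int contains(const unsigned char *hay, size_t n, const char *needle) {
    size_t m = strlen(needle);
    for (size_t i = 0; m && i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0) return 1;
    return 0;
}

/* Copy the tEXt keyword (spec: 1..79 bytes, then a NUL) into kw[80]; returns 0 if the
 * chunk breaks that rule. The unsafe version is memcpy(kw, data, clen) with clen untrusted. */
static int text_keyword(const unsigned char *data, size_t clen, char kw[80]) {
    size_t i = 0;
    while (i < clen && i < 80 && data[i] != 0) i++;
    if (i == 0 || i >= 80 || i >= clen) return 0;
    memcpy(kw, data, i);
    kw[i] = '\0';
    return 1;
}

enum png_status scan_png(const unsigned char *buf, size_t len, struct png_scan *out) {
    memset(out, 0, sizeof *out);
    if (len < 8 || memcmp(buf, PNG_SIG, 8) != 0) return PNG_BAD_SIG;
    size_t pos = 8;
    while (pos < len) {
        if (len - pos < 12) return PNG_TRUNCATED;              /* length + type + CRC at minimum */
        uint32_t clen = be32(buf + pos);
        const unsigned char *type = buf + pos + 4, *data = buf + pos + 8;
        if (clen > 0x7fffffffu) return PNG_CHUNK_TOO_LARGE;   /* PNG caps chunk length at 2^31-1 */
        if (clen > len - pos - 12) return PNG_TRUNCATED;      /* claims more bytes than the file holds */
        out->chunks++;
        if (memcmp(type, "tEXt", 4) == 0) {
            char kw[80];
            out->text_chunks++;
            if (!text_keyword(data, clen, kw) || contains(data, clen, "<iframe") ||
                contains(data, clen, "<script") || contains(data, clen, "createElement"))
                out->suspicious++;
        }
        if (memcmp(type, "IEND", 4) == 0) break;
        pos += 12 + (size_t)clen;                             /* CRC is skipped, not verified, here */
    }
    return PNG_OK;
}

/* ---- constructed sample files (built in memory; no real malware involved) ---- */
static size_t put_chunk(unsigned char *o, size_t pos, const char *type, const void *data, uint32_t n) {
    o[pos] = (unsigned char)(n >> 24); o[pos + 1] = (unsigned char)(n >> 16);
    o[pos + 2] = (unsigned char)(n >> 8); o[pos + 3] = (unsigned char)n;
    memcpy(o + pos + 4, type, 4);
    memcpy(o + pos + 8, data, n);
    memset(o + pos + 8 + n, 0, 4);                            /* dummy CRC, never checked above */
    return pos + 12 + n;
}

/* Signature, a 1x1 RGB IHDR, one tEXt chunk "Comment\0<comment>", IEND. Returns file length. */
static size_t build_png(unsigned char *o, const char *comment) {
    static const unsigned char ihdr[13] = {0, 0, 0, 1, 0, 0, 0, 1, 8, 2, 0, 0, 0};
    unsigned char text[256];
    size_t n = 8;
    memcpy(text, "Comment", 8);                               /* keyword plus its NUL terminator */
    memcpy(text + n, comment, strlen(comment));
    n += strlen(comment);
    memcpy(o, PNG_SIG, 8);
    size_t pos = put_chunk(o, 8, "IHDR", ihdr, 13);
    pos = put_chunk(o, pos, "tEXt", text, (uint32_t)n);
    return put_chunk(o, pos, "IEND", "", 0);
}

/* Flagged tEXt chunks in a sample whose comment is `comment`, or -1 if the file is rejected. */
int flagged_count(const char *comment) {
    unsigned char f[512];
    struct png_scan s;
    size_t n = build_png(f, comment);
    return scan_png(f, n, &s) == PNG_OK ? s.suspicious : -1;
}

/* Tamper with the tEXt length field so it claims 2^31-1 bytes; the walker must refuse, not copy. */
int status_with_oversized_length(void) {
    unsigned char f[512];
    struct png_scan s;
    size_t n = build_png(f, "hello");
    size_t text_pos = 8 + 12 + 13;                            /* signature + IHDR chunk */
    f[text_pos] = 0x7f; f[text_pos + 1] = 0xff; f[text_pos + 2] = 0xff; f[text_pos + 3] = 0xff;
    return (int)scan_png(f, n, &s);
}

int main(void) {
    printf("clean comment flagged: %d\n", flagged_count("taken on holiday"));
    printf("iframe comment flagged: %d\n",
           flagged_count("<iframe src=\"http://example.invalid/\" style=\"position:absolute;left:-1000px\">"));
    printf("oversized length status: %d (2 = truncated)\n", status_with_oversized_length());
    return 0;
}
```

The point of the two checks in scan_png is that the length field is attacker data like everything else in the file: a decoder that reads it and copies that many bytes into a stack buffer is exactly the image-as-exploit-host scenario quoted above, while a decoder that compares it against the bytes remaining never copies anything it cannot hold. The marker match is deliberately crude and would miss obfuscated payloads; it is there to show where in the file the Sucuri-style payload lives, not as a detection product.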