frauenfelder at March 3rd, 2014 17:59 — #1
joey_bladb at March 3rd, 2014 18:14 — #2
I don't understand how this works. It's got some executable code hidden within (I'd guess tacked onto the end) of a jpg file.
How does the executable code run? A jpg viewer shouldn't display the pretty picture then say to itself "Oh, here's some executable code at the end. I might as well run it!" (at least not on non-Microsoft platforms).
Most files containing data or code begin with some kind of metadata header describing the contents and offsets and blah blah, and usually the headers of one format (exe) will be different than other formats (jpg).
brainflakes at March 3rd, 2014 18:21 — #3
Trend Micro’s security analysts have recently discovered that images of sunsets (and some cats) being shared onInternet are carrying malware that can hack into bank accounts and begin drawing funds
Wrong wrong WRONG. The malware isn't carried by the image, instead when a computer is infected it downloads configuration files that are hidden within image data, presumably to avoid virus checkers recognising the configuration files and alerting the user.
The images themselves can't infect someone, the malware must install itself through other means (Flash/Java exploits etc.)
quinquennial at March 3rd, 2014 18:35 — #4
I agree. The article is not saying cat pictures will infect your computer and drain your bank account. It's saying some malware on an already infected computer will hide data within cat and sunset pictures using steganography.
phasmafelis at March 3rd, 2014 18:42 — #5
""If you receive an email with a colorful rainbow or cute kitty, don’t open it unless it is from a known party."
Mark, I'm curious if you were actually taken in by this, or if you got the joke and are trolling your readers.
old at March 3rd, 2014 18:42 — #6
Oh, sure, blame the dinosaurs.
quinquennial at March 3rd, 2014 19:07 — #7
A stegosaurus is a "covered lizard." Steganography is "covered writing."
old at March 3rd, 2014 19:10 — #8
You can't fool me.
skeptic at March 3rd, 2014 19:14 — #9
Yeah, given how often hacked email accounts are used to spam every person in the emails contacts, only suggesting that one should be suspicious of emails if they are not from a "known party" is misleading advice. As is the headline and the gist of post given, as noted here in the comments, that the actual malware isn't in the jpeg, nor is the jpeg sent via email. Instead, the malware fetches it directly, without the user ever seeing it.
The post should be corrected to clarify that email of jpegs is not involved in this threat.
petzl at March 3rd, 2014 19:53 — #10
These are the JPGs to be frightened of: JPGs which appear as such in the desktop icon, but are really EXEs that exploit a graphics feature.
haineux at March 3rd, 2014 20:18 — #11
The URL that contains actual useful information (instead of information that actively makes you stupider) is:
boundegar at March 3rd, 2014 20:26 — #12
Oh my God! A headline on Boing Boing that's totally misleading clickbait? How can this be?
pjcamp at March 3rd, 2014 20:44 — #13
See how the one is hidden in the other?
Or at least it has its head up in there.
pjcamp at March 3rd, 2014 20:50 — #14
It has happened in the past:
Microsoft's GDI+ had a bug that allowed a form of buffer overflow into the heap. The heap is dynamically allocated by programs at run rime and typically contains executable code. A JPEG exploiting this vulnerability could overwrite internal program structures, altering the way the program runs.
sigmund at March 3rd, 2014 22:40 — #15
Yep... the article sounds a bit fearmongerish...
votdephuque at March 3rd, 2014 22:43 — #16
Hell, don't download anything from someone you think you know. A hacker may be spoofing your friend's email identity.
immutable_mike at March 4th, 2014 03:12 — #17
They wouldn't be covered if they weren't hiding from something.
franco at March 4th, 2014 04:09 — #18
Where will you see those images unless you intentionally search and download it.
ahmed_sayid at March 4th, 2014 07:50 — #19
jeddak at March 4th, 2014 09:08 — #20
next page →