Photos of colorful sunsets and cute kitties will drain your bank account


I don’t understand how this works. It’s got some executable code hidden within (I’d guess tacked onto the end) of a jpg file.

How does the executable code run? A jpg viewer shouldn’t display the pretty picture then say to itself “Oh, here’s some executable code at the end. I might as well run it!” (at least not on non-Microsoft platforms).

Most files containing data or code begin with some kind of metadata header describing the contents and offsets and blah blah, and usually the headers of one format (exe) will be different than other formats (jpg).

3 Likes

Trend Micro’s security analysts have recently discovered that images of sunsets (and some cats) being shared on Internet are carrying malware that can hack into bank accounts and begin drawing funds

Wrong wrong WRONG. The malware isn’t carried by the image, instead when a computer is infected it downloads configuration files that are hidden within image data, presumably to avoid virus checkers recognising the configuration files and alerting the user.

The images themselves can’t infect someone, the malware must install itself through other means (Flash/Java exploits etc.)

20 Likes

I agree. The article is not saying cat pictures will infect your computer and drain your bank account. It’s saying some malware on an already infected computer will hide data within cat and sunset pictures using steganography.

“If you receive an email with a colorful rainbow or cute kitty, don’t open it unless it is from a known party.”

Uh huh.

Mark, I’m curious if you were actually taken in by this, or if you got the joke and are trolling your readers.

3 Likes

Oh, sure, blame the dinosaurs.

26 Likes

A stegosaurus is a “covered lizard.” Steganography is “covered writing.”

You can’t fool me.

15 Likes

Yeah, given how often hacked email accounts are used to spam every person in the email’s contacts, only suggesting that one should be suspicious of emails if they are not from a “known party” is misleading advice. As is the headline and the gist of the post, given, as noted here in the comments, that the actual malware isn’t in the jpeg, nor is the jpeg sent via email. Instead, the malware fetches it directly, without the user ever seeing it.

The post should be corrected to clarify that email of jpegs is not involved in this threat.

2 Likes

These are the JPGs to be frightened of: JPGs which appear as such in the desktop icon, but are really EXEs that exploit a graphics feature.

2 Likes

The URL that contains actual useful information (instead of information that actively makes you stupider) is:

http://about-threats.trendmicro.com/us/malware/TSPY_ZBOT.TFZAH

4 Likes

Oh my God! A headline on Boing Boing that’s totally misleading clickbait? How can this be?

9 Likes

See how the one is hidden in the other?

Or at least it has its head up in there.

It has happened in the past:

http://support.microsoft.com/default.aspx?scid=kb;en-us;833987

Microsoft’s GDI+ had a bug that allowed a form of buffer overflow into the heap. The heap is dynamically allocated by programs at run time and typically contains executable code. A JPEG exploiting this vulnerability could overwrite internal program structures, altering the way the program runs.

1 Like

Yep… the article sounds a bit fearmongerish…

Hell, don’t download anything from someone you think you know. A hacker may be spoofing your friend’s email identity.

They wouldn’t be covered if they weren’t hiding from something.

1 Like

Where will you see those images unless you intentionally search and download them?

this makes more sense

Ever look at Facebook?