Your browser is obsolete!

The page may not load correctly.

Spies are everywhere


Other issues in this category (27)
  • add to favourites
    Add to Bookmarks


Read: 14351 Comments: 2 Rating: 8

Tuesday, July 11, 2017

We all know how dangerous it can be to open attachments in dubious messages. But can an image in a message do any harm?


This red cross is what’s known as a one-pixel image. It can come in handy in many situations.

In responsive web design, images of this kind are displayed in a browser temporarily while a page is being loaded. Most browsers do not support HTTP Client Hints. That's why images need to be loaded completely until JavaScript can be used to replace those one-pixel images with appropriately sized images.

One-pixel images can also be used as default images. If a required image can't be found for some reason, in certain cases it may be better to display a single transparent pixel than a 404-not-found message. You’re never going to see the image you were supposed to see, but it’s more professional not to highlight that fact by putting up a broken image icon.

However, pixel-sized images, also called tracking pixels, may serve as web beacons. In the simplest scenario, downloading an image will enable fraudsters (or marketers who track how effective their mailings are) to learn when the message was opened as well as the IP address and the name of the host that requested the image.

And this is a piece of valuable information for spammers because it enables them to determine whether a certain email address is being used or not. But tracking pixels can do even more. They can be used to determine the target OS, and acquire cookie files and information about the recipient's mail client.

Our most attentive readers must wonder what JavaScript has to do with it. A pixel-sized element can incorporate not only an image but also JavaScript code that was initially intended to gather system information. This information can be required, for example, to determine the screen size so that images are scaled properly. But if fraudsters are able to use JavaScript, they can also gather information they need, upload files, and do other nasty things—the possibilities are enormous.

Pixel-sized elements can also be hidden. Indeed, such images really can be just one pixel in size; they can be transparent or be in the background colour so users never notice them. You’re being analysed and have no clue about it!

Tracking pixels are often found in website code. And some of their features appear to be truly unique.

Let's assume that site A displays a certain image (perhaps it’s one pixel in size and transparent) from site X which collects user data. Then if a user goes to site B, which also features the same image from site X, the browser won't download the image but will instead use the copy saved in its cache. Thus site X learns that the user previously visited site A. That's why disabling caching can help maintain web anonymity.

There is also always the risk of attackers compromising a site to replace an image on its home page just for the sake of replacing it with a script.

What are we to do?

#JavaScript #cookies #monitoring #surveillance #security

The Anti-virus Times recommends

  • If you don't need to view the images in a message body, configure your mail client so that images are not opened by default. Unfortunately, many free email services are set to display images—indeed, everyone is interested in user data.
  • Use Dr.Web Security Space which can detect malicious scripts.


Tell us what you think

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.