Your browser is obsolete!

The page may not load correctly.

Unexpected guests

Незваные гости

Other issues in this category (33)
  • add to favourites
    Add to Bookmarks

When a PC is allergic to cats

Read: 112 Comments: 1 Rating: 5

When we talked about criminals using images to transfer information or hide malicious code, we didn't show our readers an actual example of one of those images. So let's set things right:

Take a look at the image below

#drweb

Do you notice anything strange about it?

I don't. This image was uploaded to the site in the jpeg format (the Anti-virus Times notes that we're talking about the site to which the rogue image was uploaded), but the original is a bmp file. If we view the original bmp image in a HEX editor, nothing unusual will jump out at us either.

#drweb

However, the image incorporates obfuscated shell code at 0x00200A04. And yet we don't notice any out-of-place pixels in the image. This is because the BMP header was used to lower the image's height. The full size image would look like this: Pay special attention to the upper-right corner.

#drweb

The original and malicious images differ in height by five pixels, but people usually don't notice that.

https://habrahabr.ru/company/pentestit/blog/338670

So that’s how it works.

Luckily, with Dr.Web you can safely enjoy cat images as much as you want.

#secure

Dr.Web recommends

Some cats can be a health hazard, even for a PC. To prevent your computer from experiencing an allergic reaction to harmful "fur", use Dr.Web Security Space.

Rate this issue and receive Dr.Weblings! (1 vote = 1 Dr.Webling)

Sign in and get 10 Dr.Weblings for sharing the link to this issue via social media.

[Twitter]

Unfortunately, due to Facebook's technical limitations, Dr.Weblings cannot be awarded. However, you can share this link with your friends for free.

Tell us what you think

Leave your comment on the day of publication and get 10 Dr.Weblings, or get 1 Dr.Webling for a comment posted any other day. Comments are published automatically and are reviewed by a moderator. Rules for leaving comments about Doctor Web news items.

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments