Tuesday, April 16, 2019
Many people are already aware of the fact that malicious code can be concealed in an image. However, in such cases, the image simply serves as safe storage, and another application is needed to extract the code. Or rather, that's how things worked until recently.
Here you can learn in detail how an attacker can trick a computer into interpreting file data in two ways.
Let's open a BMP file.
The first two bytes (the red square) are the hexadecimal representation of the characters BM, which mark the file as a BMP image. The next 4 bytes (8A C0 A8 00) are the size of the image file. These are followed by 4 null bytes (00 00 00 00) and the data offset (8A 00 00 00). This gives the computer most of the information it needs to know how to process this file correctly.
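The header layout described above can be checked mechanically. The following Python sketch is an added example, not code from the original article: it decodes the four fields and flags files whose header disagrees with the actual contents or that carry script-like text. The function names, the marker list and the 1x1 sample image are assumptions constructed for illustration.

```python
import struct

# Text a defender might flag inside an image; illustrative, not exhaustive (assumption).
SCRIPT_MARKERS = (b"<script", b"javascript:", b"eval(")

# The 14 header bytes quoted in the text: BM, size, 4 null bytes, data offset.
PAGE_HEADER = b"BM" + bytes.fromhex("8ac0a800" "00000000" "8a000000")

def parse_bmp_header(data: bytes) -> dict:
    """Decode the BMP file header; integer fields are little-endian."""
    if len(data) < 14:
        raise ValueError("too short for a BMP file header")
    magic, size, reserved, offset = struct.unpack_from("<2sIII", data, 0)
    return {"magic": magic, "size": size, "reserved": reserved, "offset": offset}

def audit_bmp(data: bytes) -> list:
    """Return findings; an empty list means the header is self-consistent."""
    hdr = parse_bmp_header(data)
    findings = []
    if hdr["magic"] != b"BM":
        findings.append("bad-magic")
    if hdr["size"] != len(data):          # declared size vs. bytes actually present
        findings.append("size-mismatch")
    if hdr["reserved"] != 0:              # the 4 null bytes
        findings.append("reserved-not-zero")
    if not 14 <= hdr["offset"] < len(data):
        findings.append("offset-out-of-range")
    lowered = data.lower()
    if any(marker in lowered for marker in SCRIPT_MARKERS):
        findings.append("script-like-text")
    return findings

def build_sample(trailer: bytes = b"") -> bytes:
    """Constructed 1x1 24-bit BMP; trailer is appended without updating the size field."""
    dib = struct.pack("<IiiHHIIiiII", 40, 1, 1, 1, 24, 0, 4, 2835, 2835, 0, 0)
    pixels = b"\xff\xff\xff\x00"          # one white pixel padded to 4 bytes
    header = struct.pack("<2sIII", b"BM", 14 + len(dib) + len(pixels), 0, 14 + len(dib))
    return header + dib + pixels + trailer

if __name__ == "__main__":
    print(parse_bmp_header(PAGE_HEADER))
    print(audit_bmp(build_sample()))
    print(audit_bmp(build_sample(b"<SCRIPT>/* constructed marker */</SCRIPT>")))
```

An empty result only means the header agrees with the file contents and none of the listed markers appear; it does not establish that the file is harmless.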
Now here is a header for a Polyglot BMP image file:
Let's look at the part of the exploit that comes at the end of the file.
The file can now be run in the browser two different ways:
Try locating script code in the file below!
The Anti-virus Times recommends
Malicious code can lurk even in image files, and you will never guess that a seemingly harmless picture may have been the cause of your system infection.
Attackers are constantly perfecting technologies that help disguise and conceal malicious code. However, security technologies are constantly evolving too, and, apart from an anti-virus, there is no way to protect a system from these types of threats. Install Dr.Web: Thanks to the synergy that exists between its behavioural analyser and its non-signature heuristic and preventive protection technologies, it protects systems against all known and unknown threats.