Home » Software » Software News » Images Are The New Virus-Carriers

Images Are The New Virus-Carriers

At the Black Hat hacker fair in Amsterdam, security researcher Saumil Shah demonstrated how one can hide an exploit code in an image. This makes it possible to circumvent all security warnings issued by browsers. To pull this off, Shah used steganography, which is a well-known technique through which tools can code programme code or files into an existing image without changing the image in a noticeable way. The file’s extension and header also remain the same. However, the security expert went one step further. Normally, a steganography tool that serves as a decoder must be present on the computer, so that the code can be read out from the image.

Saumil-Shah Images Are The New Virus-Carriers

At Black Hat Europe, Saumil Shah presented a method of hiding malware in normal JPG images

Shah used a trick to integrate a Javascript-based decoder into the image, which even forensics experts find difficult to detect. Anti-virus programmes are completely overwhelmed by it, as none of the latest programmes flag Saumil Shah’s procedure as a threat. When a user views the manipulated image in the browser, the malicious code infects his computer, running the integrated Javascript in the background.

According to Shah, the issue of whether the actual malicious code will be detected by anti-virus systems depends on the individual case in question. His goal was to demonstrate that the code can get past all kinds of tests to reach a computer. Users would only be able to protect themselves against such an attack by using programmes such as NoScript, which will prevent the execution of Javascripts. However, browser updates by the manufacturers would be more important. The programmes have so far been executing every single piece of code – even if it’s hidden within an image.

Leave a Reply

Your email address will not be published. Required fields are marked *

Name *
Email *

This site uses Akismet to reduce spam. Learn how your comment data is processed.