
A virus within a JPEG

capi
SF Senior Mod
Joined: 21 Sep 2003
Posts: 16777097
Location: Portugal

Posted: Wed Mar 24, 2004 3:32 am

Also, the file doesn't really need to exploit a bug to be dangerous or at least bothersome. For example, just by taking advantage of Java's power (or ActiveX), it could do some quite nasty things... Provided your browser supports those standards, doesn't make much difference which browser it is for something like that.
Anub!$
Just Arrived
Joined: 23 Sep 2003
Posts: 1
Location: Computer Chair

Posted: Wed Mar 24, 2004 12:32 pm

True, note the could part though.

My browser would not display that image, as it said it was corrupt.

I use Firefox btw.

Someone here said that it downloads an exe file to your temporary internet files folder and then executes it. Well, as far as I know, Firefox does not allow executables to be written into its temp directories.

However, like you say, it can be saved to disk and then run. Opening it with a text editor shows this:

Code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//PL">
<html>
<head>
   <title>Fotki Marioli!</title>
   
<META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=iso-8859-2">
<META HTTP-EQUIV="Creation-date" CONTENT="2002-12-22T14:28:18Z">
<META HTTP-EQUIV="Content-Language" CONTENT="pl">
<META NAME="Keywords" CONTENT="Insert Keywords Here">
<META NAME="Description" CONTENT="Insert Description Here">

<script language="JavaScript" type="text/javascript">

// Variables identifying the browser:
var nazwa = navigator.appName;
var ekran = (typeof(screen)=="object") ? screen.width : null;
var wersja = parseFloat(navigator.appVersion);
var msie = nazwa == "Microsoft Internet Explorer";
var nn = nazwa == "Netscape";
var inna = !(msie || nn);

if (msie) {
// If this is MSIE, the version was detected incorrectly.
var ws = navigator.appVersion;
wersja = parseFloat(ws.substring((ws.indexOf("MSIE") + 5 ),ws.length));
}

function go(gdzie) {
window.location = gdzie
}

// Place the redirect instructions here:

if (msie && wersja>=6) go('6.php')
else go('5.php')


//-->
</script>
<noscript>

</head>
<IMG SRC="ja.jpg">
<BODY BGCOLOR="#000000" LEFTMARGIN="0" TOPMARGIN="0" MARGINWIDTH="0" MARGINHEIGHT="0">

</body>
</html>


If it's OK to post that ;)

If it's not, then delete it and PM me about it or something.
capi
SF Senior Mod
Joined: 21 Sep 2003
Posts: 16777097
Location: Portugal

Posted: Wed Mar 24, 2004 3:47 pm

:lol: I have already posted that since the beginning, look 1 or 2 pages back.

Yes, certain exploits do depend on the browser, I suppose it will be the ones that don't work on top of standards (like IE's annoying tendency to happily execute every file it gets, regardless of its extension not matching). But as I said, some standards are dangerous in nature - if the browser supports them to the full extent, then it will be vulnerable to misuse (unless it implements some sort of protective limitations, in which case you can't say it supports the standard to its full extent).

In either case, you never know. Just because Mozilla isn't IE doesn't mean it doesn't have bugs, same thing goes for Linux - what saves the day is the fact that they are (for now) far less common, so 90% of the viruses are targeted at IE-specific features (or standards that IE supports, even though other browsers may limit those standards).
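An added example, not code from the thread or from any poster: a defensive check for the mismatch discussed above, where a file named like an image actually contains HTML and script. It compares the type the extension claims with the type the leading bytes indicate; the file name `photo.jpg`, the function names and the sample bytes are constructed for illustration, and the tag list is a heuristic assumption.

```python
import os
import re

# File signatures for the image types an image extension promises.
IMAGE_MAGIC = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
EXT_TO_TYPE = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png", ".gif": "gif"}

# Tags that make a content-sniffing client treat a body as HTML (heuristic list).
HTML_HINT = re.compile(
    rb"<\s*(!doctype\s+html|html|head|body|script|iframe|meta)\b", re.I)

def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, ignoring the file name."""
    for kind, magics in IMAGE_MAGIC.items():
        if data.startswith(magics):
            return kind
    if HTML_HINT.search(data[:1024]):
        return "html"
    return "unknown"

def check_file(name: str, data: bytes) -> dict:
    """Compare what the extension claims with what the bytes are."""
    claimed = EXT_TO_TYPE.get(os.path.splitext(name.lower())[1])
    actual = sniff(data)
    findings = []
    if claimed and actual != claimed:
        findings.append(f"extension claims {claimed}, content is {actual}")
    # A valid image header can still be followed by markup, so scan the rest.
    if claimed and HTML_HINT.search(data):
        findings.append("HTML/script markup inside image-named file")
    return {"name": name, "claimed": claimed, "actual": actual,
            "findings": findings}

# Constructed samples: the opening lines of the file quoted in the thread,
# a minimal JFIF header, and that header with markup appended.
HTML_AS_JPG = (b'<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//PL">\n'
               b'<html>\n<head>\n<script language="JavaScript">\n')
REAL_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01" + b"\x00" * 32
POLYGLOT = REAL_JPEG + b"<script>/* constructed */</script>"

if __name__ == "__main__":
    for n, d in [("photo.jpg", HTML_AS_JPG), ("photo.jpg", REAL_JPEG),
                 ("photo.jpg", POLYGLOT)]:
        print(check_file(n, d))
```

On the serving side, the matching control is to send the correct `Content-Type` together with `X-Content-Type-Options: nosniff`, so the client does not reinterpret an image response as HTML.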
Zarnick
Just Arrived
Joined: 27 Mar 2003
Posts: 1
Location: Brazil

Posted: Thu Mar 25, 2004 10:24 pm

I would say it is 99% for M$ platforms and apps.
Anub!$
Just Arrived
Joined: 23 Sep 2003
Posts: 1
Location: Computer Chair

Posted: Thu Mar 25, 2004 10:40 pm

Quote:
I have already posted that since the beginning, look 1 or 2 pages back.


Oh yeah, so you did :oops:

Portal must have jumped me past it after the conversation got on to the second page ;)