Author Topic: How does one get infected with image files?  (Read 3532 times)

January 16, 2011, 02:13:05 pm

Kensley

See this post: http://www.malwaredomainlist.com/forums/index.php?topic=2207.msg20500;topicseen#msg20500

I ran a couple of the pngs and jpgs in a sandbox and saw no worrisome behavior. So exactly how are these files harmful?

January 16, 2011, 03:05:10 pm
Reply #1

MysteryFCM

The image files are actually executables, not images (see the first few bytes of the file). Running them without knowing how to identify and analyse them is not generally a good idea, nor something I'd recommend.
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

January 16, 2011, 04:42:45 pm
Reply #2

Kensley

I run them in a sandbox.

Yeah, I saw that and renamed them to exe to see what they did.

Why are they up on a server as image files then if they have to be renamed in order to do any damage?

January 17, 2011, 12:50:25 pm
Reply #3

MysteryFCM

They don't have to be renamed, that's the point. The system looks at the file's header, not its extension.

/edit

You should also know that a lot of malware downloads additional files, and these are likely included - the downloaded file can have whatever name the malware tells it to have.
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
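
The header-versus-extension point made in Reply #1 and Reply #3 can be checked without running anything. The following is an added example, not part of the original posts: it reads only the leading bytes and flags files whose name claims an image format but whose header is a Windows executable. The function names and the sample byte strings are constructed for illustration.

```python
import os

# Leading "magic" bytes for the formats discussed in the thread.
MAGIC = {"png": b"\x89PNG\r\n\x1a\n", "jpeg": b"\xff\xd8\xff", "pe": b"MZ"}
# File extension -> the format the name claims to be.
CLAIMED = {".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg",
           ".exe": "pe", ".dll": "pe", ".scr": "pe"}

def sniff(head: bytes) -> str:
    """Return the format implied by the leading bytes, or 'unknown'."""
    for name, magic in MAGIC.items():
        if head.startswith(magic):
            return name
    return "unknown"

def is_pe(data: bytes) -> bool:
    """Stricter check: 'MZ' plus e_lfanew (offset 0x3C) pointing at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[off:off + 4] == b"PE\x00\x00"

def check(name: str, data: bytes) -> dict:
    """Compare what the file name claims with what the header says."""
    ext = os.path.splitext(name)[1].lower()
    claimed = CLAIMED.get(ext, "unknown")
    actual = sniff(data[:16])
    return {"name": name, "claimed": claimed, "actual": actual,
            "mismatch": claimed != "unknown" and actual != claimed,
            "valid_pe": is_pe(data)}

def fake_pe() -> bytes:
    """Constructed, inert header: 'MZ', padding, e_lfanew=0x40, 'PE\\0\\0'."""
    return b"MZ" + b"\x00" * 58 + (0x40).to_bytes(4, "little") + b"PE\x00\x00"

# Constructed sample inputs (no real files or malware involved).
SAMPLES = {
    "banner.png": fake_pe(),                               # executable header
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",      # real JPEG header
    "logo.png": b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR",    # real PNG header
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(check(fname, blob))
```
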