When the graphic is viewed by the victim, the web site will attempt to take advantage of the chaos created by the graphics rendering vulnerability and exploit it where the web site causes a malicious executable to be downloaded and run. For example, a malicious web site may be set up to host the graphic file that has been created to exploit a graphics rendering vulnerability. But it is still not an auto-executable situation. This takes an external file, whether it be a script (VBScript, PowerShell, Python, etc.) or a utility that has been hard-coded to take the manipulated graphic file, extract the malicious binary and execute it.

A graphic file that has been specifically crafted to exploit a vulnerability in a graphics rendering engine is another story. It may be a low-quality graphic or it may be very simplistic for its physical size, but rendering it will not cause a malicious binary that was embedded within to be executed. Such a file will still be rendered and the graphic shown. That means a program, utility or an OS construct opens the file and displays the graphic accordingly. Graphic files manipulated through steganography or mathematical manipulation are not executable.

The word steganography combines the Greek words steganos (στεγᾰνός), meaning "covered or concealed", and graphe (γραφή), meaning "writing". "Steganography (/ˌstɛɡəˈnɒɡrəfi/ STEG-ə-NOG-rə-fee) is the practice of concealing a file, message, image, or video within another file, message, image, or video."

Malwarebytes - it is just a one-word name.

Sorry to bother in this topic, but is there any blog or informative page around regarding this about how it exactly works, etc.?

In that state the modified graphic file is safe and will not "self execute", and it will require a secondary program or script to extract the PE binary which is the malware.
The graphic file can be manipulated in such a way that a PE binary is appended to the graphic, mathematically added (example: XOR), or hidden by using steganography. Graphic files can also be used to hide malware "in plain sight". Left unpatched, that's one way a site using an exploit can effect a malware download with a possible execution. There have been graphic files that have been crafted in such a way as to exploit known vulnerabilities in the graphics rendering module of MS Windows. Graphic files come in many formats such as GIF, PNG, JPEG, BMP, PCX and other formats. The web site hosting it can be, and that's why you always have to be on your guard. Graphic files in themselves are not malicious per se. It is possible but not probable, and because that possibility exists, we install anti-malware software on our computers. Putting it back into perspective, if you are just using Google Images this will not be too likely. The vast majority of malware are trojans, and the chances of a malicious web site using an exploit to cause download and possible execution will be for a trojan, and not a virus. Your profile indicates "Interests: Malware analyzing", so you should be well aware that all viruses are malware and not all malware are viruses, and viruses play a very small fraction within the malware arena. If you willy-nilly browse the Internet you can possibly land on a malicious web site using an exploit and cause malware to be downloaded with a possible execution.
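As an added example (not part of the original posts), here is a Python check for the "appended" and "XOR" cases described above, limited to PNG: it walks the chunks to IEND and inspects whatever follows. The function names, the sample PNG and the 68-byte header stub are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_trailer(data: bytes) -> bytes:
    """Return the bytes that follow the IEND chunk of a PNG (b'' if none)."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length              # length field + type + body + CRC
        if ctype == b"IEND":
            return data[pos:]
    raise ValueError("truncated PNG: no IEND chunk")

def looks_like_pe(blob: bytes) -> bool:
    """True for an MZ header whose e_lfanew field (0x3C) points at a PE signature."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    return blob[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def classify_trailer(trailer: bytes) -> str:
    """Describe data found after the end of the image."""
    if not trailer:
        return "clean"
    if looks_like_pe(trailer):
        return "appended PE"
    key = trailer[0] ^ ord("M")         # key that would turn byte 0 into 'M'
    head = bytes(b ^ key for b in trailer[:4096])   # header region only
    if key and looks_like_pe(head):
        return f"appended PE, single-byte XOR key 0x{key:02x}"
    return "unknown trailing data"

def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

# Constructed sample: a 1x1 grayscale PNG and a header stub (not a real program).
PNG = (PNG_SIG + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
       + _chunk(b"IDAT", zlib.compress(b"\x00\x00")) + _chunk(b"IEND", b""))
STUB = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0"

if __name__ == "__main__":
    for name, blob in [("plain", PNG), ("appended", PNG + STUB),
                       ("xored", PNG + bytes(b ^ 0x5A for b in STUB))]:
        print(name, "->", classify_trailer(png_trailer(blob)))
```

Data hidden inside the pixel values by steganography leaves no trailer, so this check does not see it.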