Bitcoin Forum

Researchers have discovered a relatively new way to distribute malware that relies on reading  JavaScript code stored in an obfuscated PNG file’s metadata to trigger iFrame injections.

http://threatpost.com/png-image-metadata-leading-to-iframe-injections/104047

Can this be blocked somehow? I use Firefox. I guess turning off Java is one way?

Javascript is totally unrelated to java. So, no.

Yuck, a malicious steggo. That is hard to deal with. Do I need to shut off image loading? Would that even do it, or is the PNG read but not displayed in that case?

Maybe using noscript addon will block Javascript and prevent this exploit for the time being.

https://addons.mozilla.org/en-US/firefox/addon/noscript/

Not sure if Chrome has it

Just installed it, I hope it helps.

Is there some way to only turn off PNG loading? Still allowing for JPG, GIF.

No idea how to turn off PNG image loading with Noscript. Many years ago I wrote a browser that ignored all images and only returned barely formatted text to the users command line, I wonder if I can rebuild re-use this till the exploit is patched up. (IIRC, it was message board avatars that people used which drove me crazy, to the point I would rather read the forum without any images whatsoever additionally at the time I was under a bandwidth cap.

If anyone knows of any browsers similar to the one I coded that is decent let me know.