Title: PNG Image Metadata Leading to iFrame Injections
Post by: farlack on February 06, 2014, 07:41:05 AM

Researchers have discovered a relatively new way to distribute malware that relies on reading JavaScript code stored in an obfuscated PNG file’s metadata to trigger iFrame injections.
http://threatpost.com/png-image-metadata-leading-to-iframe-injections/104047

Title: Re: PNG Image Metadata Leading to iFrame Injections
Post by: kwest on February 06, 2014, 05:58:42 PM

Can this be blocked somehow? I use Firefox. I guess turning off Java is one way?

Title: Re: PNG Image Metadata Leading to iFrame Injections
Post by: Gabi on February 06, 2014, 05:59:51 PM

> Can this be blocked somehow? I use Firefox. I guess turning off Java is one way?

Javascript is totally unrelated to java. So, no.

Title: Re: PNG Image Metadata Leading to iFrame Injections
Post by: RodeoX on February 06, 2014, 06:04:34 PM

Yuck, a malicious steggo. That is hard to deal with. Do I need to shut off image loading? Would that even do it, or is the PNG read but not displayed in that case?

Title: Re: PNG Image Metadata Leading to iFrame Injections
Post by: juju on February 06, 2014, 06:06:59 PM

Maybe using noscript addon will block Javascript and prevent this exploit for the time being.
https://addons.mozilla.org/en-US/firefox/addon/noscript/
Not sure if Chrome has it.

Title: Re: PNG Image Metadata Leading to iFrame Injections
Post by: kwest on February 06, 2014, 06:10:31 PM

> Maybe using noscript addon will block Javascript and prevent this exploit for the time being.
> https://addons.mozilla.org/en-US/firefox/addon/noscript/
> Not sure if Chrome has it

Just installed it, I hope it helps. Is there some way to only turn off PNG loading? Still allowing for JPG, GIF.

Title: Re: PNG Image Metadata Leading to iFrame Injections
Post by: juju on February 06, 2014, 06:19:15 PM

No idea how to turn off PNG image loading with Noscript. Many years ago I wrote a browser that ignored all images and only returned barely formatted text to the user's command line. I wonder if I can rebuild or re-use this till the exploit is patched up. (IIRC, it was message board avatars that people used which drove me crazy, to the point I would rather read the forum without any images whatsoever; additionally, at the time I was under a bandwidth cap.)
If anyone knows of any browsers similar to the one I coded that are decent, let me know.
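
The first post describes script stored in a PNG file's metadata. As an added example (not from the thread or the linked article), this Python code shows a check a site owner could run over hosted or uploaded PNGs: it walks the chunk structure and flags text chunks containing script-like strings. It assumes "metadata" means the tEXt, zTXt and iTXt chunks; the marker list, function names and sample images are constructed for illustration.

```python
import re, struct, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Heuristic markers assumed for this example; tune them for real use.
SUSPICIOUS = re.compile(rb"<\s*(iframe|script)|createElement|fromCharCode|eval\s*\(", re.I)

def iter_chunks(data):
    """Yield (type, payload) per chunk, checking signature, bounds and CRC."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(data):
            raise ValueError("truncated chunk")
        payload = data[pos + 8:end]
        if zlib.crc32(ctype + payload) != struct.unpack(">I", data[end:end + 4])[0]:
            raise ValueError("bad CRC")
        yield ctype, payload
        pos = end + 4

def chunk_text(ctype, payload, limit=1 << 20):
    """Return the text bytes of a text chunk, inflating at most `limit` bytes."""
    _, _, rest = payload.partition(b"\x00")       # skip the keyword
    if ctype == b"tEXt":
        return rest
    if ctype == b"zTXt":                          # 1 method byte, then deflate data
        return zlib.decompressobj().decompress(rest[1:], limit)
    flag, rest = rest[:1], rest[2:]               # iTXt: flag, method, lang\0, translated\0
    text = rest.split(b"\x00", 2)[-1]
    return zlib.decompressobj().decompress(text, limit) if flag == b"\x01" else text

def scan_png(data):
    """Return [(chunk type, keyword)] for text chunks holding script-like content."""
    hits = []
    for ctype, payload in iter_chunks(data):
        if ctype in (b"tEXt", b"zTXt", b"iTXt") and SUSPICIOUS.search(chunk_text(ctype, payload)):
            hits.append((ctype.decode(), payload.split(b"\x00")[0].decode("latin-1")))
    return hits

def make_png(*chunks):
    """Build a constructed 1x1 grayscale PNG carrying the given (type, payload) chunks."""
    chunks = ((b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)), *chunks, (b"IDAT", zlib.compress(b"\x00\x00")), (b"IEND", b""))
    return PNG_SIG + b"".join(struct.pack(">I", len(p)) + t + p + struct.pack(">I", zlib.crc32(t + p)) for t, p in chunks)

# Constructed samples: a benign comment and an inert marker string.
CLEAN = make_png((b"tEXt", b"Comment\x00made with an image editor"))
FLAGGED = make_png((b"zTXt", b"Comment\x00\x00" + zlib.compress(b"<iframe src=//example.invalid>")))
```

A hit means the file deserves a manual look, not that it is malicious; the check only covers text chunks and does not inspect pixel data.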