Bitcoin Forum
August 01, 2021, 03:13:23 PM *
News: Latest Bitcoin Core release: 0.21.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: PNG Image Metadata Leading to iFrame Injections  (Read 1009 times)
farlack
Legendary
*
Offline Offline

Activity: 1299
Merit: 1000


simply getting the job done


View Profile
February 06, 2014, 07:41:05 AM
 #1

Researchers have discovered a relatively new way to distribute malware that relies on reading  JavaScript code stored in an obfuscated PNG file’s metadata to trigger iFrame injections.

http://threatpost.com/png-image-metadata-leading-to-iframe-injections/104047
1627830803
Hero Member
*
Offline Offline

Posts: 1627830803

View Profile Personal Message (Offline)

Ignore
1627830803
Reply with quote  #2

1627830803
Report to moderator
1627830803
Hero Member
*
Offline Offline

Posts: 1627830803

View Profile Personal Message (Offline)

Ignore
1627830803
Reply with quote  #2

1627830803
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1627830803
Hero Member
*
Offline Offline

Posts: 1627830803

View Profile Personal Message (Offline)

Ignore
1627830803
Reply with quote  #2

1627830803
Report to moderator
1627830803
Hero Member
*
Offline Offline

Posts: 1627830803

View Profile Personal Message (Offline)

Ignore
1627830803
Reply with quote  #2

1627830803
Report to moderator
kwest
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250


View Profile
February 06, 2014, 05:58:42 PM
 #2

Can this be blocked somehow? I use Firefox. I guess turning off Java is one way?
Gabi
Legendary
*
Offline Offline

Activity: 1148
Merit: 1008


If you want to walk on water, get out of the boat


View Profile
February 06, 2014, 05:59:51 PM
 #3

Can this be blocked somehow? I use Firefox. I guess turning off Java is one way?
Javascript is totally unrelated to java. So, no.

RodeoX
Legendary
*
Offline Offline

Activity: 3066
Merit: 1143


The revolution will be monetized!


View Profile
February 06, 2014, 06:04:34 PM
 #4

Yuck, a malicious steggo. That is hard to deal with. Do I need to shut off image loading? Would that even do it, or is the PNG read but not displayed in that case?

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf
Free bitcoin in ? - Stay tuned for this years Bitcoin hunt!
juju
Sr. Member
****
Offline Offline

Activity: 382
Merit: 250



View Profile
February 06, 2014, 06:06:59 PM
 #5

Maybe using noscript addon will block Javascript and prevent this exploit for the time being.

https://addons.mozilla.org/en-US/firefox/addon/noscript/

Not sure if Chrome has it
kwest
Sr. Member
****
Offline Offline

Activity: 476
Merit: 250


View Profile
February 06, 2014, 06:10:31 PM
 #6

Maybe using noscript addon will block Javascript and prevent this exploit for the time being.

https://addons.mozilla.org/en-US/firefox/addon/noscript/

Not sure if Chrome has it

Just installed it, I hope it helps.

Is there some way to only turn off PNG loading? Still allowing for JPG, GIF.
juju
Sr. Member
****
Offline Offline

Activity: 382
Merit: 250



View Profile
February 06, 2014, 06:19:15 PM
 #7

No idea how to turn off PNG image loading with Noscript. Many years ago I wrote a browser that ignored all images and only returned barely formatted text to the users command line, I wonder if I can rebuild re-use this till the exploit is patched up. (IIRC, it was message board avatars that people used which drove me crazy, to the point I would rather read the forum without any images whatsoever additionally at the time I was under a bandwidth cap.

If anyone knows of any browsers similar to the one I coded that is decent let me know.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!