Friday, August 08, 2008

Trojan Horses

Ars Technica covered an interesting subject that we all know is stalking around every corner - that of PC viral attack. NGSSoftware have developed an attack that is truly a Trojan Horse and will present its details on this at the Black Hat security conference next week.

What do we trust? What do we pass around and exchange today believing they are relatively safe? The answer is often images, JPEGs and GIFs but these are surely just images?

NGSSoftware claim to have found a way to embed a Java applet within a GIF. The GIF is seen by two different programs very differently. The web server sees it as a GIF file, and serves it accordingly, but when the "image" reaches the client, it can be opened as a an executable Java applet. Simply viewing a GIF won't infect a system that requires the user to be linked to the infection from an attacker web site. It now appears that this not only applies to GIF files but can apply to JPEGs and DOCs.

Ok is it now time to start to feel worried and pull the sheets up over our heads?
To obviate immediate exploitation the research team will leave some details out of their presentation and Sun intends to issue a patch that will serve as a short-term correction to the issue.

It is a pity is that this now has been raised in terms of a threat and not an opportunity as we are aware of one patented technology that can store files within images. These can be dynamically activated by the user via icons overlaid on the image. In a trade that is littered with jacket images the opportunities are obvious but the threat danger may now close these down.

No comments: