There is an old saying in India: “You have a good plan, I have a wall ladder.” Nowadays, the network security environment is getting more and more people’s attention, and hackers are thinking of higher tricks to invade your computer.
According to Lei Feng.com, Saumil Shah, CEO of Net-Square of India and network security expert, recently discovered a bug in a malicious program: hackers can write malicious programs into a common image file, and people just open and take a look at this. The computer looks ugly when it looks like a normal picture.
Saumil Shah named this hidden malicious program Stegosploit. So what is the principle of this program?
Saumil Shah said that the BUG comes from a Steganography technology that hides information into images. Saumil Shah uses this concept to write code into image pixels and then restore it via html5’s dynamic Canvas element that can submit scripts. .
This malicious code is essentially a mixture of image code and Javascript scripts, called IMAJS. The hacker can write the code into a picture in JPG or PNG format, unless the picture is enlarged and carefully viewed. Otherwise, it is difficult for the naked eye to find the picture.
The hacker wrote a malicious program in the picture. This program can be designed with many features, such as downloading and installing spyware. Then upload the image to the web and tell you the address. When you view the image in the browser, the malicious program will be triggered and your computer may be hacked.
In other words, if the hacker knows how to exploit this vulnerability, the image file will be untrustworthy for us in the days to come.
However, this code is not 100% for you to use, it can only be used on some less secure browsers or websites, and such pictures with malicious programs will not appear on social networking sites, because like Large social networking sites such as Facebook will check the website when uploading images. If there is a problem, it cannot be uploaded.
On May 28th, at the 2015 HITBSecConf conference, Saumil Shah demonstrated how to write programs and attack PCs on pictures. It seems that this is just a bug and should be fixed soon.
Be First to Comment