Friday, August 27, 2010

Malware Infiltrates the Image File


The Microsoft Malware Protection Center (MMPC) has positively identified a malicious script embedded in an image file. The malware, which is currently circulating on the 4chan message board, seems to be the next stage in the evolution of a known threat, 4chan.js, which first appeared in 2008. Not surprisingly, the latest iteration of 4chan.js depends on user trust and on unfamiliarity with image file formats, and it makes use of the HTA format. "The infection in the PNG image format, which stores data in a compressed format, is quite dangerous," said MMPC researcher Michael Johnson.

"Users can follow the instructions inside the PNG and save the file as a bitmap (BMP) with an HTA extension. This works by decompressing a file that contains images, some JavaScript, and one or more files that can be executed," said Michael. According to Johnson, this method allows the malware to repackage itself, defeating 4chan's CAPTCHA mechanism.

With this method, the bitmap is created with a random variable each time. Of course, most users tend to trust image formats. They may not realize that the same image file can contain embedded malicious scripts. For that reason, MMPC recommends that users not follow instructions they see in a random picture, especially if the instructions involve changing the file in any way and then running it.
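
A defender's check for the file type described above, as an added example (not MMPC's code and not part of the original post): it flags a file that has a BMP header but an .hta name, script or HTA markup in its bytes, or an embedded PE executable. The function names and the sample bytes are constructed for illustration.

```python
import re
import struct

# Markup that would become active content if the file were opened as an HTA.
ACTIVE_MARKUP = re.compile(rb"<\s*(script|hta:application)\b", re.IGNORECASE)

def has_embedded_pe(data: bytes) -> bool:
    """True if any 'MZ' header in data points (via e_lfanew) at a PE signature."""
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            start = pos + e_lfanew
            if data[start:start + 4] == b"PE\x00\x00":
                return True
        pos = data.find(b"MZ", pos + 1)
    return False

def inspect_bitmap(name: str, data: bytes) -> list[str]:
    """Return the reasons a BMP file looks like a carrier for active content."""
    if len(data) < 14 or data[:2] != b"BM":   # not a bitmap: out of scope here
        return []
    findings = []
    if name.lower().endswith(".hta"):
        findings.append("BMP header with .hta extension")
    if ACTIVE_MARKUP.search(data):
        findings.append("script/HTA markup in bitmap bytes")
    if has_embedded_pe(data):
        findings.append("embedded PE executable")
    return findings

def make_bmp(pixels: bytes) -> bytes:
    """Constructed sample: 54-byte BMP header followed by raw 'pixel' bytes."""
    file_hdr = struct.pack("<2sIHHI", b"BM", 54 + len(pixels), 0, 0, 54)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, len(pixels) // 3, 1, 1, 24,
                           0, len(pixels), 0, 0, 0, 0)
    return file_hdr + info_hdr + pixels

# Constructed, inert inputs: a plain bitmap and one carrying markup plus a PE stub.
PE_STUB = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
CLEAN = make_bmp(b"\x10\x20\x30" * 16)
CARRIER = make_bmp(b"<script>/* inert placeholder */</script>" + PE_STUB)

if __name__ == "__main__":
    for name, blob in [("photo.bmp", CLEAN), ("picture.hta", CARRIER)]:
        print(name, inspect_bitmap(name, blob) or "no findings")
```

The same content saved under a .bmp name still produces the markup and PE findings, so the check does not rely on the extension alone.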
