0

Is it possible to hide malicious code either within an image, or behind it as it is displayed on a webpage and then if the user saves this image, they actually are downloading the malicious code?

This is kind of vague so I have been having trouble finding much on Google regarding this, if this exists I would definitely appreciate a link to where I can read more about this.

kalina
  • 3,354
  • 5
  • 20
  • 36
Teacic
  • 1
  • 1
  • 1
    Yes it is possible and there were many identified cases. Yes/no question aside, what remains is only a request for references to outside materials and such questions are generally frowned upon on SE. Use your favourite search engine. – techraf Mar 29 '16 at 00:43

2 Answers2

3

There are lots of methods to hide information inside an image, like inside the meta data, after the image or even inside the image using steganography. In case of real executables you need some code to extract the information from there before you can execute these as programs. But in case of Java, Javascript or similar programs such a file could actually be image and code at the same time and gets immediately executed.

Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
0

Many programs that display images will just display the image data up to the resolution defined in the header of the image, everything that is appended will just be discarded for displaying, however it is still in the file.

More info in this image at the end :P

enter image description here

PS: Save the image and open it with i.e. a hex-editor, there is just some plaintext appended, so even opening it in notepad should work fine.

Edit: More info on this topic can be found in this Q&A

Community
  • 1
Dominik Gebhart
  • 101
  • 1