1

Lets say I have an infected image by some malware, I double-click it and that triggers the default program that handles images to open it for viewing. Will this also trigger the malware inside the image ? Assuming that you can view the image and it is not a renamed *.exe, *.bat, *.vbs, *.sh etc. misguiding file.

So according to your experience/knowledge:

General questions:

  1. The code execution is plausible only if the Image Viewing program has a security hole that suffers from Buffer Overflow ?
  2. Are there other security holes apart from Buffer Overflow that help malicious code inside image execute while viewing it with an image viewer ?
  3. If there are, which are those image viewers ?
  4. Has the Windows Photo Viewer security holes such as Buffer Overflow, or have they all been removed ?
  5. What type of images does this type of image malware affect ?
  6. Is it true that one cannot exploit .tif images, but on the contrary can exploit .jpg images for malicious purposes ?
  7. Are you aware of circumstances of image malware that affect either Windows or Linux operating system ?

Specific Questions:

  • In my case, I got some potentially infected jpg images which I double-clicked, and viewed by the Windows Photo Viewer on Windows 8.1. Could I be infected ? If so, how ?

What I already know:

After a lot of research in the web, I have found that the only way an image can execute code stored inside it, is if the image viewer has security holes. In the case of image viewers, one can take advantage of the Buffer Overflow vulnerability to execute malicious code. On the other hand there is that guy on youtube that presents a way to run code in an image just by clicking it. I think that this tutorial took advantage of the security hole that Windows got fixed back in 2004, but I am not sure. In addition I have read that the usage of inserting malicious data, via a technique called Steganography, is if these data are auxiliary to some other, already installed malware (ex. Zeus malware and .jpg files). That is because of the fact that "code cannot be executed just by viewing an image". Moreover, I have heard that you can exploit .jpg images but not .tif images for malicious purposes, which means that .tif and Steganography "cannot dance together".

pgmank
  • 415
  • 6
  • 13
  • 1
    This question is all over the place. Can you narrow down your question? You might have better luck if you replaced "buffer overflow" with "vulnerability" - buffer overflows are only one vulnerability that can be used. – schroeder Apr 08 '15 at 16:49
  • @schroeder I know that this question is all over the place. That's where I also acquired all the knowledge which I have written in the ***What I already know*** section. I am aware of the [question](http://security.stackexchange.com/questions/55061/can-malware-be-attached-to-an-image) that my post duplicates and I have read it before. The differences are that non of the posts and questions I found on the web clearly answer the 7 general + 1 specific question I made. So I do not think that it is much of a duplicate. – pgmank Apr 08 '15 at 20:43

0 Answers0