How come "viewing images" can be dangerous in email?

-1

Why does viewing an image in a web browser or any other email can pose a security concern? Do some viruses pose as images?

agz

Posted 2013-05-02T20:39:03.820

Reputation: 6 820

Question was closed 2013-05-02T20:59:29.733

Answers

2

Actually it is one of very common method to spread virus. And a quick Google will show many many forums and blogs discussing about how it is being done. I am posting few here,

https://stackoverflow.com/questions/9675941/how-can-a-virus-exist-in-an-image

http://www.symantec.com/security_response/writeup.jsp?docid=2002-030110-3845-99&tabid=2

http://www.tropicalpcsolutions.com/html/security/how-to-hide-a-virus.html

But as long as you don't open image there is no way a virus code can get executed.

JackLock

Posted 2013-05-02T20:39:03.820

Reputation: 600

1How come websites do not have this issue, but only email? – agz – 2013-05-03T07:01:15.097

1I am no expert in this matter :) ... but I think when you view an image online you are actually downloading that image temporarily on your system and because of that you could get infected if you system is not well protected (like un-updated OS, no AV, use of IE :) etc) – JackLock – 2013-05-03T12:56:38.620

0

I believe you are referring to the fact some email viewers block the downloading of images in HTML emails. This isnt so much a security concern, but a profanity filter. If the email client sees an email with images as from an unverified source, it will block the images from downloading as it might contain images that some find offensive (porn spam). This feature should be able to be disabled in every email client and allow all images to be downloaded with the mail.

Keltari

Posted 2013-05-02T20:39:03.820

Reputation: 57 019

The usual reason to not download images immediately is to save time and bandwidth while opening mail. – chepner – 2013-05-02T20:45:55.003

2If I open an HTML file, and it opens an Image, it leaves a log somewhere. This means I leak info that the image was opened. If I give a globally unique filename, then I know when that particular email was opened. If I'm a spammer, this info leak is valuable. I can also set cookies. – Rich Homolka – 2013-05-02T21:11:57.410

1It also is for privacy - downloading the image generates a web-request which will be tracked by certain email marketing campaign generators. You therefore have told them that the email address is valid and that you opened the email. – James – 2013-05-02T21:14:54.840

0

In its infinite wisdom, some versions of Windows show a file named e.g. xyz.jpg.exe as if it was an image (JPEG), you ask to open it, and it is run as it is an executable... game over.

The image formats are quite complex, and so are the programs/libraries that process them. There have been bad bugs in those. Add that the images gotten via email/WWW are (by definition) from untrusted sources, that a bug can very well lead to run code specified by the attacker and loaded into the image, and you are in the exactly same situation as above.

vonbrand

Posted 2013-05-02T20:39:03.820

Reputation: 2 083

1How come websites do not have this issue, but only email? – agz – 2013-05-03T07:01:48.990

Asked: 2013-05-02T20:39:03.820

Viewed: 2 153 times

Active: 2013-05-02T20:47:54.727