JPEGs on the Attack

Tuesday, December 3, 2013 @ 05:12 PM gHale

Some cyber attacks rely on maliciously crafted JPEG files to update themselves or to deploy new threats, researchers said.

The image files contain encrypted data, which researchers managed to extract and analyze. The content consists of configuration files and binaries, said Trend Micro officials.

The configuration data present in the JPEGs, which were tracked to websites located in the Asia-Pacific region, permits attackers to change the malware's settings and allows the malware to update itself.

These files also contain details about hostnames in the compromised network and the process names of several antivirus products.

Some of the emails sent by this malware, which belongs to the SOMOGOT and MIRYAGO families (mainly spyware), contained an attachment that included details about the image files the threat had already accessed, along with information on the operating system and the security updates applied.

The executable files analyzed by Trend Micro were either updates or fresh malware ready to infect the target.

Trend Micro said there is reason to believe this method has been in use since 2010 and continues to work today.
