Educause Security Discussion mailing list archives
PNG based spam/malware
From: Patrick P Murphy <pmurphy () NRAO EDU>
Date: Wed, 6 May 2009 13:20:56 -0400
I don't know about the rest of you, but I've noticed a significant uptick in e-mail spam in the form of image-only messages (usually in PNG format). It's no secret that there has been at least one PNG rendering vulnerability discovered recently (e.g., CVE-2009-0040) so I won't be surprised if the two are related. On my system, Firefox does reference libpng. My question: does anyone have a recommendation for a toolkit to *check* such an image, short of actually viewing it in a vulnerable browser or image viewer? I'd really like to document an example of what such spam/malware looks like and what it can do. Thanks in advance, - Pat -- Patrick P. Murphy, Ph.D. Webmaster (East), Computing Security Manager http://www.nrao.edu/~pmurphy/ http://chien-noir.com/maze.shtml "Inventions then cannot, in nature, be a subject of property." -- Thomas Jefferson, August 13, 1813
Current thread:
- PNG based spam/malware Patrick P Murphy (May 06)
- <Possible follow-ups>
- Re: PNG based spam/malware Joe St Sauver (May 06)