Vulnerability Development mailing list archives
Re: Infected jpeg files?
From: "Brad" <gryphonn () austarnet com au>
Date: Sun, 11 Nov 2001 09:22:08 +1000
On 9 Nov 2001 at 21:40, HackHawk wrote: Date sent: Fri, 09 Nov 2001 21:40:16 -0800 To: <vuln-dev () securityfocus com> From: HackHawk <hugh () hackhawk net> Subject: Re: Infected jpeg files? Copies to: <rginski () co pinellas fl us>, <jove () gaza halo nu>, J Edgar Hoover <zorch () totally righteous net>
This (finding an algorithm flaw) is the most interesting post I've seen about infecting JPEG images. However, I've seen no mention of files on the Macintosh. Isn't it true that on a Macintosh, you can give an executable file ANY extension you want? And isn't it also true that you can associate ANY image you want with your executable file? A MAC friend of mine once showed me how he got somebody to open a Mac Script file because the target thought it was a zipped archive of some sort. The script setup a special access password on the targets system, then downloaded and opened the actual archive from somewhere else. I spent a few hours attempting to create such a file using Code Warrior on the MAC a few months back, but due to lack of time gave up the effort. I was able to name an executable with any extension I wanted (.JPG to be precise), but I was never able to associate the image I wanted with the executable file. Any MAC people want to correct my belief if it is incorrect? - hh
Hi all Last week I was troubleshooting a jpeg viewing problem with a number of workstations. What was happening was certain w/station users couldn't view a particular image that had been mailed out for staff information (Xmas card design). It turned out that the image was created on a Mac in Photoshop and was saved as a jpeg in CMYK format. The image itself had extra header information (as opposed to a jpeg saved in RGB format) that IE could not decipher. This problem was only affecting those users who still had IE as the default viewer for jpeg files. Any other image viewer seemed to parse the image and display it OK, except MS paint, which crashed. Resaving the image as a jpeg through an image viewer such as Irfanview removed the offending extra header information and resolved the IE problem (I didn't check MS Paint). IE was tied up in some sort of processing *after* the default 'red cross' icon for a non-viewable image was displayed. I'm no coding guru, but thought that there may be potential there to embed some code in those extra headers to cause IE to process that code. If anyone is interested in playing with this idea, e-mail me off-list and I'll organize to e-mail you both variants of the same file on Monday. *If* this is possible, there are an awful lot of IE browsers still set as the default image viewer for jpegs out there. Cheers, -- Brad Griffin Gryphonn Design Rockhampton QLD, Aust. 4700 ABN: 12 095 821 961 ***************************
Current thread:
- Infected jpeg files? rginski (Nov 08)
- Re: Infected jpeg files? Chris D. Sloan (Nov 08)
- Re: Infected jpeg files? Blue Boar (Nov 09)
- Re: Infected jpeg files? jove (Nov 09)
- Re: Infected jpeg files? J Edgar Hoover (Nov 09)
- Message not available
- Re: Infected jpeg files? HackHawk (Nov 09)
- Re: Infected jpeg files? Rob Salmond (Nov 10)
- Re: Infected jpeg files? (viruses) Jonathas Diogenes Castello Branco (Nov 10)
- Re: Infected jpeg files? Brad (Nov 10)
- Re: Infected jpeg files? Chris D. Sloan (Nov 08)
- Re: Infected jpeg files? H C (Nov 09)
- Re: Infected jpeg files? Thor (Nov 09)
- <Possible follow-ups>
- RE: Infected jpeg files? OBrien, Brennan (Nov 08)
- RE: Infected jpeg files? Oliver Petruzel (Nov 09)
- RE: Infected jpeg files? Bruce Ediger (Nov 09)
- RE: Infected jpeg files? Chan, Stephen (TIS, Singapore) (Nov 09)
- RE: Infected jpeg files? OBrien, Brennan (Nov 09)