New GIFAR Attack Targets Browsers of Users
Security researchers at UK-based NGSS (Next Generation Security Software), along with researchers at the Advanced Security Center of Ernst & Young LLP, have built a new file that enables access to a user's browser on any Website where images may be uploaded, like eBay or social-networking Websites.
The file, called GIFAR, is a hybrid of GIF (Graphics Interchange Format) and JAR (Java Archive). Although it appears to be a .gif image to the Website hosting the file, a .jar file is combined with it. When the GIFAR is displayed in the browser, the JAR runs in the form of an applet, allowing the attacker to execute Java script in the contaminated browser.
This Java script, however, appears to the visitor's browser as coming from a legitimate site. According to NGSS officials, the attack wo...
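A server-side upload check for the hybrid described above, as an added example that is not part of the original article: ZIP/JAR readers locate the archive from the end of the file, so a GIF header at the start does not stop the same bytes from opening as an archive. The function names and the sample bytes are constructed for illustration.

```python
import io
import zipfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")
EOCD_SIG = b"PK\x05\x06"  # ZIP end-of-central-directory signature


def inspect_upload(data: bytes) -> dict:
    """Report whether bytes that start like a GIF also parse as a ZIP/JAR."""
    result = {"is_gif": data[:6] in GIF_MAGICS, "has_zip": False, "entries": []}
    # Cheap pre-filter: an archive must contain the end-of-central-directory
    # signature somewhere after the image data.
    if EOCD_SIG in data:
        try:
            # zipfile tolerates arbitrary bytes before the archive, the same
            # property that lets a JAR ride behind a GIF header.
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                result["entries"] = zf.namelist()
                result["has_zip"] = True
        except zipfile.BadZipFile:
            pass  # signature bytes occurred by chance, no real archive
    return result


def is_gif_archive_hybrid(data: bytes) -> bool:
    """True when an upload is both a GIF by header and a readable archive."""
    info = inspect_upload(data)
    return info["is_gif"] and info["has_zip"]


def constructed_samples():
    """Constructed test inputs: a tiny GIF, and the same GIF followed by an
    archive holding only an inert placeholder manifest."""
    gif = (b"GIF89a\x01\x00\x01\x00\x00\xff\x00,"
           b"\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x00;")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return gif, gif + buf.getvalue()


if __name__ == "__main__":
    plain, hybrid = constructed_samples()
    for name, blob in (("plain.gif", plain), ("hybrid.gif", hybrid)):
        verdict = "reject" if is_gif_archive_hybrid(blob) else "accept"
        print(name, verdict, inspect_upload(blob)["entries"])
```

The check looks at file content because the extension and the leading magic bytes both say GIF.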
» SPAMfighter News - 20-08-2008