Deadly Gif Image Concealed Attack

As per the security researchers, the hackers have come up with a new device for attack, which uses open source programming and infects the system by installing itself in a harmless and useful image.

As published by Computerworlduk.com on June 22, 2007 it has been found that the vulnerability was found in a GIF (Graphics Interchange Format) image on an important picture hosting web site, as per a bulletin released by the security research & organization- SANS institute.

According to the news of computerworlduk.com on June 22, 2007, a researcher with SANS's Internet Storm Centre, Laura Hutcheson said that it is both amazing and interesting to find a file running like a normal GIF file, but actually contains infected script.

It's a simple way for attackers to transfer infected codes in other systems without demanding any attention or setting alarms. Moreover, it continues to bypass network security (NS) tools. PHP is used as a programming language to make dynamic websites, often used by hackers to infect script within an image file.

As the PHP code is secretly installed, the attackers take full advantage when the users visit the site. Moreover, the visited PCs are not prepared for any kind of browser, application flaws and a variety of operating systems, the harmful codes gets automatically installed on it.

Chief Researcher Officer for SANS ISC, Johannes Ullrich said that this deadly GIF could prove to be quite harmful for the server as it permits more infections to enter the system and destroy it, as per the news published by Zdnet.co.uk on June 21, 2007.

According to Hutcheson, the infection that is coded in hypertext processor (PHP) has emerged as a dangerous development. According to Zdnet.co.uk on June 21, 2007, Ullrich said that from the past six months, this technique has taken a forward leap as it occurs in regular intervals. When the user downloads the image, the PHP code is transferred and the attack is conducted, as it serves the image to the user.

The main problem is that the PHP code is located in the middle of the GIF image and it creates some insecure ways with which some developers serve images installed by their users. Normally, the installed files move to a specific directory. Further, if the site serves the image directly from the directory and save the original file name, the site can be used for security exploits.

Related article: Deadly Virus Affecting Computers in Ethiopia

» SPAMfighter News - 7/6/2007