We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
We're aware that some users are experiencing technical issues which the team are working to resolve. See the Community Noticeboard for more info. Thank you for your patience.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Loads of infected results in Google Images lately
Options
Comments
-
it's the turnaround period though when users are vulnerable.. the period between the development of an exploit, to its discovery in the wild, to the issue of a security patch. it's during that period that every user is open to attack..
take this vulnerability in the windows graphics rendering library, for example...
https://secunia.com/advisories/42779
it was acknowledgement by Microsoft in January 2011 that an exploit was in existence. Three weeks later and microsoft had duly released a solution.
However, since the vulnerability affects different versions of Windows going back to Windows XP, an exploit may potentially have been out there for five years or more..0 -
Why are you particularly concerned about google? At a guess, I doubt that Google currently vets images before inclusion in its images.google.com search results. I guess there are too many different exploits, and minor modification to the shellcode would probably foil any rudimentary signature-based detection.
I'm concerned for other people; I partly made this thread out of curiosity if others were noticing it, and also to warn people and hopefully get some passive protections onto people's systems. Now it's clear that its pretty widespread and generating a lot of traffic, so increasing the risk of exposure to people who are vulnerable to it.
Thanks for the other info, food for thought and loads to catch up on as usual for me. I do remember reports years ago about images in Outlook now that you mention it, but stopped hearing about it and never used Outlook myself.0 -
I'm concerned for other people; I partly made this thread out of curiosity if others were noticing it, and also to warn people and hopefully get some passive protections onto people's systems. Now it's clear that its pretty widespread and generating a lot of traffic, so increasing the risk of exposure to people who are vulnerable to it.
Thanks for the other info, food for thought and loads to catch up on as usual for me. I do remember reports years ago about images in Outlook now that you mention it, but stopped hearing about it and never used Outlook myself.
it's an interesting topic. unusual for a board like this one. for what little my opinion is worth, i feel quite safe using the Firefox browser. However my personal paranoia is over adobe flash player. I just don't trust that software. I don't understand it, don't know how it works, i've got no idea of the sort of code that it can potentially run locally on my machine, etc.
Thinking a bit more about the google image question, google does create its own thumbnails for display on images.google.com, so any malware embedded in the original image would almost certainly be stripped out by google and that thumbnail creation process.
that's not to say that the original image wouldn't still have malware. for example, i was just looking for pictures of alison king, the actress who plays carla connor in coronation street. there's only one nude photo of her, and it's possible fake, but nevertheless, the thumbnail shown on google.images is enough to entice most [strike]people[/strike] men to look at the full-sized original image... it's as much about social engineering as security engineering...0 -
Thinking a bit more about the google image question, google does create its own thumbnails for display on images.google.com, so any malware embedded in the original image would almost certainly be stripped out by google and that thumbnail creation process.
Yes that's what I meant by:
Would have to hope that google would notice if thumbnail images they hosted caused a buffer overflow
It's for that reason that Google images are an issue for people trying to use OpenDNS to block !!!!!! (e.g. for children).
Youtube also convert videos they get, so they are the only site I whitelist with Flashblock. I browse in Sandboxie most of the time now anyway.0 -
Just noticing now that all the google image searches I've done today have been clean of malware. Anyone else notice the same?
Google must have responded; wouldn't be difficult for them once they set their minds to it with the right heuristics.0 -
Just noticing now that all the google image searches I've done today have been clean of malware. Anyone else notice the same?
Google must have responded; wouldn't be difficult for them once they set their minds to it with the right heuristics.
Google must be following your posts Russ
, you are doing their job for them :T 0 -
However my personal paranoia is over adobe flash player. I just don't trust that software. I don't understand it, don't know how it works, i've got no idea of the sort of code that it can potentially run locally on my machine, etc.
^^I don't like fp either (sooner we get rid of the better ! ) / this can be quite useful :
https://addons.mozilla.org/en-US/firefox/addon/betterprivacy/BLOODBATH IN THE EVENING THEN? :shocked: OR PERHAPS THE AFTERNOON? OR THE MORNING? OH, FORGET THIS MALARKEY!
THE KILLERS :cool:
THE PUNISHER :dance: MATURE CHEDDAR ADDICT:cool:0 -
Google is a rather popular tool for the malware writers...since it is probably the biggest source of information/searches there is...so naturally they are thinking of new ways to use it.
A good writeup from unmaskparasites: http://blog.unmaskparasites.com/2011/05/05/thousands-of-hacked-sites-seriously-poison-google-image-search-results/
One thing he mentions is the way that they check where the request comes from. I have seen a few of the infected sites, where analysis is slightly harder since the site checks for referrers (either from a site, or being passed from the malware on the machine when they dial home). So when you check with malzilla for example, there is no referrer (unless you set it) and so it redirects to google, looking harmless. But give it the right referrer (and user agent) and it serves the malware...-Scott-
“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!” Richard Feynman0 -
somersethillbilly wrote: »Google must be following your posts Russ, you are doing their job for them :T
Haha, that's not what I- oh alright
0 -
A good writeup from unmaskparasites: http://blog.unmaskparasites.com/2011/05/05/thousands-of-hacked-sites-seriously-poison-google-image-search-results/
One thing he mentions is the way that they check where the request comes from [...]
That was a really good read, nice one. The referrer issue makes a lot of sense too.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351K Banking & Borrowing
- 253.1K Reduce Debt & Boost Income
- 453.6K Spending & Discounts
- 244K Work, Benefits & Business
- 598.9K Mortgages, Homes & Bills
- 176.9K Life & Family
- 257.3K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards