Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

[Paranoid] Is it possible to receive malware through an embedded image?


  • Please log in to reply
1 reply to this topic

#1 Duckmeister

Duckmeister

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:13 PM

Posted 18 December 2011 - 03:38 PM

One of the forums I browse has a section where users tend to post a lot of images from all sorts of domains. The other day, I noticed that some users were complaining of an Avast malware warning they were receiving from a certain image (embedded on the forum using {IMG} tags), stating that link was malicious and blocked by Avast. My Microsoft Security Essentials didn't pop up with anything, however. After finding out which image was the culprit, I ran Virus Total on the base domain, and on the actual image file, and both showed up clean. I booted into safe mode and ran a full scan with Security Essentials, and a full scan with Malware Bytes Anti-Malware, both of which were clean.

The infection that Avast stated was present was "URL:MAL", which, from my research, redirected Google search results, and embedded itself in svchost.exe. I'm not experiencing any of the symptoms described, no redirects, either in Internet Explorer or Firefox, and svchost.exe is showing normal memory usage. So, for all intents and purposes, I don't think I have any sort of virus at all.

So, my question is, is it at all possible to get infected through an .jpg (or .png, or .gif) embedded on a forum using {IMG} tags, if you never even go to the domain that's actually hosting the image? I never clicked on any links or anything like that. With this latest episode, I'm now worried about other images on this forum. I know this is a total newbie question, and I don't even know if it's the right forum, I'm just really paranoid about these things. If any of you could help me, that would be great!

BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:13 PM

Posted 18 December 2011 - 03:39 PM

Its more then likely a false positive.

Also send me the forum link in private, so as to not infect anyone.

Edited by cryptodan, 18 December 2011 - 03:41 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users