Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Is it at all possible to catch a virus through the following procedure


  • Please log in to reply
5 replies to this topic

#1 rp88

rp88

  • Members
  • 2,895 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:06 PM

Posted 17 December 2014 - 03:15 PM

I wanted to clarify some things about methods of infection and whether users can ever get viruses from the following type of internet usage:


1.user goes to google images and searches for images using a particular search term(or phrase).
2.google loads a long scrollable page of pictures.
3.user right clicks on a picture and selects "open in new tab".
4.in the new tab that grey google page loads with the image in the middle and to the right of it a buton to "visit site" and a button to "view image" along with a few other images google considers similar and a link to see "all sizes".
5.user right clicks on the image whilst still on this grey google page and selects "save image as"
6.user saves the jpg/png/gif/bmp/jpeg file into a folder somewhere on there machine
7.user closes the tab with that grey backgrounded google page
8.user repeats procedure for a few other images on the search results page

Is it at all possible to get a virus by doing this, note that the user never actually visits the site where the image is hosted, but the user does see the image in that grey backgrounded google page.
As a second question on a very similar note,

If the user clicked the button to "view image" on the page and went straight to a page holding the image (NOT to some photobucket, flickr, imageshack, imgur page with the image on it but surrounded by adverts) a page of the form http:// ( something or other)/(imagetitle).jpg or http:// ( web address)/(imagetitle).png could they get any kind of virus from either the grey google page or from the image page they went to?

Given that in the first procedure described the only thing the user visits is a google search page and a google page with a grey background some links and a picture, and in the second procedure all the user visits is a google image search page, that grey page and a jpg or png page on the source website, can there be any chance for an exploit or other attack to be performed against the user, or for the image itself to be somehow infected?

Edited by rp88, 17 December 2014 - 03:17 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

BC AdBot (Login to Remove)

 


m

#2 frankp316

frankp316

  • Members
  • 2,677 posts
  • OFFLINE
  •  
  • Local time:11:06 AM

Posted 17 December 2014 - 06:51 PM

As one who has almost 11,000 wallpapers, I can safely say the answer is no. The changes made to Google Images a couple of years ago is a huge security upgrade. 



#3 Kilroy

Kilroy

  • BC Advisor
  • 3,282 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Launderdale, MN
  • Local time:10:06 AM

Posted 18 December 2014 - 07:09 AM

I have to disagree.  No matter what protections Google has in place you could possibly still download an infected graphic file.  Google can only protect you against the known issues with graphic files, an unknown issue could infect your machine.  The odds of that happening are probably quite small, but they still exist.



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,584 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:06 AM

Posted 18 December 2014 - 08:40 AM

I've learned when it comes to malware (and malware writers)...almost anything is possible. If something is impossible today, that does not mean it will be impossible tomorrow.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 rp88

rp88
  • Topic Starter

  • Members
  • 2,895 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:04:06 PM

Posted 18 December 2014 - 09:32 AM

Thanks for these answers, so it seems this is fairly safe to do but there might come a time where it is not. I guess infected image files are only a problem if there is an unpatched vulnerability in the software used to open the image (be it the browser or microsoft office picture manager or paint), this could be a vulnerability that's just been discovered and no update released yet or it could be one which is being used by criminals as no-one yet realises the vulnerability exists in the image viewing software.
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#6 frankp316

frankp316

  • Members
  • 2,677 posts
  • OFFLINE
  •  
  • Local time:11:06 AM

Posted 18 December 2014 - 11:49 AM

I have to disagree.  No matter what protections Google has in place you could possibly still download an infected graphic file.  Google can only protect you against the known issues with graphic files, an unknown issue could infect your machine.  The odds of that happening are probably quite small, but they still exist.

 

 

It's virtually impossible to get infected because you aren't going to a website from Google Images. The image is stored in Google's cache. it used to be you had to go to a blind website without knowing if it was safe. 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users