wtf, images have malware now?
>>55422187
Never heard about Buffer overflow?
>wtf emails have malware now?
>wtf .doc files have malware now?
>wtf mp3 files have malware now?
it's possible
wtf I hate images now
>>55422187
Do you have anything embedded in the file?
>>55422258
Now I'm #UnicornForUnicode
>>55422187
FUCK IMAGES
fag
>he's too new to know the meaning behind this 4chan banner
lmao
>malicious code
more like embedded archive full of cp
How would you actually execute malicious shit from an image without making the user do something special?
>>55422187
We live in wonderful times OP
>>55422347
>how do people get malware without doing something special
I'm sure you've gotten malware at one point. What special things were you doing then?
>>55422347
never underestimate how retarded users are
>>55422305
This. Fucking this.
So many people were dumb enough to do this shit, it was part of the reason captchas were implemented.
I bet if they disabled the captcha we would still get some of these posting (or attempting to post because of the embedded detection now).
>>55422347sudo ./Not_A_Virus.jpg
Does anyone remember sound threads on /v/ and /a/?
They still work :^)
>>55422540
I thought that moot disabled that shit?
>>55422187
botnet
>>55422347
>find 0-day vuln in common image parsing library that some browser uses
>post image with shellcode of choice
>???
>profit
I do not think that image lib vulnerabilities are that common though.
Some past examples. No arbitrary code execution, but still nasty.
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libjpeg
>>55422588
He disabled it multiple times. Once by limiting file size to resolutions, another by steganography detection in specific image types, another by detecting files hidden in webm files, another by detecting hidden webm files in images.
There's still quite a few ways to work around it though:^)
>>55422709
>There's still quite a few ways to work around it though:^)
All of them require more effort than the original appending sound files to the image with a little bit of text.
It just isn't worth the effort anymore.
>>55422187
wasn't first exploits on PSP and PS3 were because of some vulnerability in lib-tiff?
>>55422540
>>55422709
>using the smiley with a carat nose
>>55422855
>quoting smiley with a carat nose
>>55422912
>using reddit memes
>>55422912
LOVING THIS MEME :^)
>>55422921
>using the smiley with a carat nose
kys
>>55422347
Malicious Content-Type confusion is one way. I tried to contribute patches to Tinyboard to address this back when I ran a image board (but Michael Save was a faggot and didn't accept them): I'd be surprised if the board software here doesn't have similar but it's exposing it now.
Probably also checking for happy fun ImageMagick exploits, which are also easy and effective.
Note we're talking here about possible attacks against the imageboard servers as well as clients, or fun XSRF/JS hacks.
>>55422941
>using the kys meme
:^)
>>55422963
>using the smiley with a carat nose
>>55422971
>using epic arrow maymay as I do
MODS NUKE US
>>55422258
most underrated comment on /g/ today
>>55422962
Yeah this, automatic content type conversion is evil as fuck. That said, newer browsers don't have issues with this anymore right?
>>55422294
>Proprietary software.
4chan cant tell if its code or something else
its most likely a PS thumbnail file stored inside the image file, which could be """""malware"""""
>>55422250
How is it possible for mp3 file to have malware?
Maybe mp3 file can be somehow prepared to exploit specific codec and the download malware, but not malware itself
>>55422507
Not an executable file.
>>55422245
I just opened a cat image from a /g/ thread today and my computer hanged. And that cat's face was like
>GG bro
>create 1x1 image
>save as jpg
>upload to 4chan
>"error: your image contains an embedded file"
>>55422347
By installing Windows 10
doesn't anyone on here know what steganography is?
>>55424811
Dinosaurs have nothing to do with this you retard
>>55424835
kek
>>55424642
>Can download shit
>Can't be malware
What?
>>55422294
I tried this out back when I used Windows. How would one go about this on a Linux system?
>>55426935
same exact process except you replace winrar with gzip
>>55424671chmod +x Not_A_Virus.jpg
tl;dr can you get virus from looking jpg???
>>55424642
Neo-/g/ pls leave
>>55428443
Hardly, unless there's a 0-day exploit in libjpeg.
>>55428344
You don't have sufficient rights for that.
>>55424811
AFAIK steganography is a way of hiding information in images and such.
Are you implying this can be used to execute malware as well? I imagine someone would need to "extract" this information first?
>>55422187
mostly happens with uncompressed images, like multy layer png files or such.
>>55422305
what exactly does this do?
>>55422305
What does this do? I know what the original did
>>55424642
.mp3.exe
:^)
>>55428532
>not running your Google™ Chrome™ browser as root
>>55428676
>Google™ Chrome™
What's that? Is it like Ultron?
>>55428693
>Not knowing about the best browser
Did you just crawl from under a rock?
>>55424642
Haven't you heard about the john_cena_theme_midi_hdr_hifi_hd_1080.midi.mp3.exe.doc.txt.exe virus?
>>55424811
To extract the data from the image you would need to execute code. You've just pushed the problem back a level.
>>55422294
shit. I remember the book sharing days in /b/
Now it just full of faggots
>>55428640
>>55428660
Just do it ;)
Here's the embedded code: http://pastebin.com/PemE0vnY
>>55428869
>Now
