RE: Web Graphics Exploit Marching Across Internet
Sounds like Snow Crash - view an image, get infected.
This one sounds like bad news - installs a keylogger, contacts two IP's in Russia and downloads some other files. All from viewing an image, which could be put in an eBay posting, for instance.
It works by attaching Javascript to an image file - more technical info here
It's classified as low threat by Symantec, but just that it can be done is pretty scary.
[Via NeoWin - ExPress News [RSS feed]]A new malware has appeared Thursday on several Windows machines. It uses a novel vector (code in web pages). All a user has to do is view a page with this malicious graphic, then the code automatically downloads onto the machine. Once downloaded the program will unpack itself as a keystroke logger. This is an Internet Explorer vulnerability.
Security experts are tracking a new piece of malware that appears to be compromising large numbers of Windows PCs and may be laying the groundwork for the creation of a large spamming network or a major attack in the future. Analysts at NetSec Inc., a managed security services provider, began seeing indications of the compromises early Thursday morning and have since seen a large number of identical attacks on their customers' networks. The attack uses a novel vector: embedded code hidden in graphics on Web pages.
When visitors to a few particular Web sites—including popular auction, shopping and price-comparison sites—request pages that include the malicious graphics, the code automatically downloads itself onto their machines. Once installed, the code unpacks itself and loads a keystroke logger on the PC. NetSec officials said the attack seems to exploit a vulnerability in Internet Explorer. The code then forces the machine to contact two IP addresses—one in Russia and one in the United States. The Russian site is hosted on a broadband connection and is part of a network known for spamming and other transgressions. After contacting these sites, the tool then downloads some other files to the compromised machine. NetSec officials said they are still analyzing the code and are unsure what the exact purpose of the new attack is.