Naive question ?

Discussion in 'malware problems & news' started by justlearning, Mar 30, 2014.

Thread Status:
Not open for further replies.
  1. justlearning

    justlearning Registered Member

    Joined:
    Mar 30, 2014
    Posts:
    2
    Location:
    netherlands
    Hello folks ...

    new member here , just trying to learn my way into IT security...:) still a rookie though.

    I would just wondering If any concerns regarding sites hosting multimedia files .
    especially jpg could considered to be safe.
    In particular after the reports in jpg malware concealed with steganography .

    A relevant article is this : http://www.techworm.net/2014/02/new-variant-of-zeus-banking-trojan.html

    As it is mentioned , a usual method is Malvertising .
    For me the things to be concerned about would be :

    a. In sites like, let's say, tinypic.com or imageshack, would the mere viewing a jpg be hazardous ?
    b. what kind of browser is safer in navigating in these cases
    personally I use Chrome and Firefox
    c. Is an extension or add-on like NoScript or Adblock helpful or pretty much useless ?

    I know these are rather clueless questions of but I would be obliged If someone could throw a piece of advice.

    Thanks ...cheers :)
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    The jpeg contains the Zeus configuration. Zeus still needs to load into the system before been able to read the configuration.
    So, in short: if you open a Zeus jpeg you don't get infected! :D
     
  3. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I agree.

    It's 2014 and Microsoft Windows PCs can still be owned by a JPEG.

    IMHO NoScript and Adblock Plus are both quite useful in avoiding exposure to malware.
     
  4. justlearning

    justlearning Registered Member

    Joined:
    Mar 30, 2014
    Posts:
    2
    Location:
    netherlands
    My sincere gratitude to both repliers .
    I would like to add some more wood in the fire , though ;)

    1) When I visited a certain web page which provided image hosting, my NoScript app warned me of an xss event . Not only that , but also in the event log there was a registration of a JavaInjection atempt in the aforementioned webpage. From what I understand so far java Injection is a method used in order to embed executable code in a presumably trusted site.
    I could paste the exact code as it was recorded ( If anyone can comprehend gibberish :ouch: )

    any cents on that one ?

    2) the second concern has to do with the csrss.exe file, as it is shown in the taskbar, not co certain though , still working on it


    How about number one , at first , any opinions ....? :)
     
Loading...
Thread Status:
Not open for further replies.