Original Web 2.0 Dangers, malware in images

Original Web 2.0 Dangers, malware in images

Web 2.0 is the phrase that more or less was describing the new interactive type sites coming online, such as Facebook today, and what is now called Social Engineering. It also referred to new types of display type add-ons to websites. It is describing innovation in some vein to new designs, applications on websites. Flash format is included. Microsoft Silverlite became these type new ways or innovation of display as more clarity even in graphics. One fairly visible item on many websites now are Tag Clouds, which are all the key words a website uses referring to the content in the site to help search engines and visitors and are displayed in a cloud of search/tag key words.

Perhaps even PHP format can be included https://en.wikipedia.org/wiki/PHP 

NOTE that quality antimalware (antivirus+antispyware) with Real Time Protection (or HIPS) activated protects against these – keep it updated and running 24/7!

Most on the Net of newer users just ran with Web 2.0 meant the new social interfacing applications like a bunch of chatty-cathys/charlies completely dismissing security concerns and actual malware now surfacing in newer website add-ons, embedded, etc. They will say Web 2.0 Dangers has nothing to do with malware out of ignorance, or playing ostrich, or duping the public with dumb pills intentionally as malicious trolls and cyber criminal gum shoes do at places – intentional misinformation to make you their mark. The malware infection in these add ons pretty much resulted in drive-by infection – simply visiting the website with the malware embedded, and unseen, infecting the PC right over the Net.

Basically and bottom line is that in recent years there has been quite the changes with more graphical format and embedded and add ons on websites and the term security-wise as  Web 2.0 Dangers here generally applies to drive-by infection at a website (intentionally or hacked) as opposed to infection through email attachemnts or bad software downloads laced with malware and being duped into clicking some bad link online etc etc etc.

Newer rare event as part of Web 2.0 Dangers is actually getting infected while playing a movie online in an embedded player – embedded malware encoded in the movie infects the PC.
EXAMPLES…
How to Fix a Flash Virus | eHow.com
http://www.ehow.com/how_5998536_fix-flash-virus.html

How Movie Files Can Become The Source Of Malware Attacks
Lifehacker Australia
Apple’s latest security update for Mac OS X includes a series of patches to Quicktime designed to stop the movie playback software from being exploited to launch a malicious attack…..
http://www.lifehacker.com.au/2013/07/how-movie-files-can-become-the-source-of-malware-attacks/

———->
An actual real, amatuer forensics I performed for a friend infected this way
HERE…
Forensics: “Unknown Flash Movie Virus”
http://bluecollarpc.us/2013/05/07/forensics-unknown-flash-movie-virus/
By bluecollarpc – Last updated: Tuesday, May 7, 2013

I saw this new article (below) and realized immediately what has been discovered. Below is a copy of the post to our Help and Alerts Group…  http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/
Web 2.0 Danger Discovery – Malware hid in image exif metadata     
Posted By: bluecollarpc
Thu Jul 25, 2013 11:39
http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/message/3234
 
Malware hid in image exif metadata
SC Magazine Australia
Sucuri researcher Peter Gramantik found the compromised but working images on a small number of sites. He said attackers had preserved the image by storing malware within the image exif metadata, which contained time and geo location information.
http://www.scmagazine.com.au/News/350928,malware-hid-in-image-exif-metadata.aspx

BlueCollarPC.US Writes;
THIS mentioned….
New virus first to infect Macromedia Flash (January 8, 2002)
http://news.cnet.com/New-virus-first-to-infect-Macromedia-Flash/2100-1023_3-803829.html
IS ACTUALLY one of first in WEB 2.0 DANGERS concerning embedded add on
media in websites. The malware dangers of these are generally not added
or spoken about in general Web 2.0 conversations BUT are that
security-wise intregal part of WEB 2.0 DANGERS as a coined phrase that
generally now calls to mind Social Engineering etc. as concerning
interactive applications online as Facebook. The abscense of malware in
Web 2.0 Dangers is generally due to the ignorance or playing ostrich of
the speaker.

Web 2.0 – Wikipedia, the free encyclopedia
The term “Web 2.0” refers to a perceived second generation of web
development and design, that aims to facilitate communication, secure
information sharing, …
http://en.wikipedia.org/wiki/Web_2.0

ALSO MAY APPLY

Network Forensics
http://www.techopedia.com/definition/16122/network-forensics?utm_campaign=newsletter&utm_medium=tod&utm_source=07182013
What does it mean?
Network forensics refers to investigations that obtain and analyze
information about a network or network events. It is a specialized
category within the more general field of digital forensics, which
applies to all kinds of IT data investigations. Typically, the phrase
network forensics refers to the specific network analysis that follows
security attacks or other types of cybercrimes.

In an Amatuer Forensics I performed, several years ago now as a classic, I had discovered an apparent plasma text virus embedded in a .Gif Image. The full payload was a full blown botnet infection of the Windows XP Desktop….
http://bluecollarpc.us/forensics/
JUMP TO:
“(((PROLOUGE)))
NOW DISCLOSED…… APPARENT ATTEMPT TO INFECT PLASMA SERVERS AS WELL…. Optical buffer http://en.wikipedia.org/wiki/Optical_buffer
NON Sample – http://www.sun.com/customers/servers/pppl.xml

— SENDER: gerald309
Webmaster: Malware Removal/Amateur Forensics
HOME http://bluecollarpc.us/
Alternate https://sites.google.com/site/pcsecurityhelper/
HELP http://tech.groups.yahoo.com/group/BlueCollarPCSecurity/
Membership/Join List:
Subscribe: BlueCollarPCSecurity-subscribe@yahoogroups.com
Free Malware Removal Help / A Community Website Since 2005

Advertisements
%d bloggers like this: