A Photo File That Can Steal Web Site Logons

Computer security researchers will unveil a new malicious software program next week at the Black Hat computer security conference in Las Vegas that could steal people’s online profiles and logon information from web sites like MySpace, Facebook, eBay and Google.

The software relies on a new hybrid computer file that is recognized as different things to different computer programs. By putting the files on web sites that allow people to upload images, the developers can fool security systems and take over the personal accounts of people who use these sites.

The malicious file is called a GIFAR, a combination of GIF (an image file) and JAR (a Java file): the two types of files are combined into a single file.

To the web site, the file looks like a harmless .gif image file; a person’s browser, however, will recognize the file as a Java applet and run the malicious program on the user’s computer.

Black hat hackers could create a profile on a popular social network, like MySpace.com or Facebook.com, and upload their GIFAR file as an image on the web site. They would then trick another user into visiting a malicious site, which would tell the person’s web browser to run the GIFAR software. The applet would run in the browser, giving the hackers access to the victim’s web site account information.

This type of attack could work on any web site that allows people to upload files, potentially even on sites that are used to upload banking card photos or eCommerce sites.

However, the victim would have to be logged into the site that is hosting the image for the attack to work.

There are some ways that the GIFAR software could be stopped. Sites could upgrade their filtering tools so that they identify these malicious hybrid files. Also, Sun Microsystems could modify the Java runtime to stop the GIFAR from working. The security researchers believe that Sun will come up with a security fix soon after the researchers’ Black Hat presentation.
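One filter-side check of the kind the previous paragraph describes, as an added example (not code from the article or from the researchers): it walks a GIF to its trailer byte and flags ZIP/JAR structure found behind it. The sample inputs are constructed, and the appended bytes are only ZIP signatures rather than a real archive.

```python
# GIF/JAR hybrid ("GIFAR") check for an upload filter. A complete GIF ends with the 0x3B
# trailer; a JAR is a ZIP archive that Java locates by scanning backwards from the end of
# the file for the "PK\x05\x06" end-of-central-directory record, so a JAR appended after a
# whole GIF still loads. Walk the GIF to its trailer, then look at what follows.
GIF_TRAILER, IMAGE_DESCRIPTOR, EXTENSION = 0x3B, 0x2C, 0x21
ZIP_SIGNATURES = (b"PK\x05\x06", b"PK\x03\x04", b"PK\x01\x02")

def _skip_sub_blocks(data: bytes, pos: int) -> int:
    """Advance past GIF data sub-blocks (length byte + payload; length 0 ends the chain)."""
    while data[pos] != 0:
        pos += 1 + data[pos]
    return pos + 1

def gif_end_offset(data: bytes) -> int:
    """Offset just past the GIF trailer, or -1 if the data is not a complete GIF."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return -1
    pos = 13
    if data[10] & 0x80:                     # global colour table: 3 * 2^(N+1) bytes
        pos += 3 * (2 << (data[10] & 0x07))
    try:
        while True:
            block, pos = data[pos], pos + 1
            if block == GIF_TRAILER:
                return pos
            if block == IMAGE_DESCRIPTOR:   # 9 bytes, optional local table, LZW code size
                packed = data[pos + 8]
                pos += 9
                if packed & 0x80:
                    pos += 3 * (2 << (packed & 0x07))
                pos = _skip_sub_blocks(data, pos + 1)
            elif block == EXTENSION:        # label byte, then sub-blocks
                pos = _skip_sub_blocks(data, pos + 1)
            else:
                return -1
    except IndexError:                      # truncated file
        return -1

def inspect_upload(data: bytes) -> dict:
    """Classify an upload that claims to be a GIF; a strict filter rejects any trailing bytes."""
    end = gif_end_offset(data)
    trailing = data[end:] if end >= 0 else b""
    return {"valid_gif": end >= 0, "trailing_bytes": len(trailing),
            "zip_after_trailer": any(sig in trailing for sig in ZIP_SIGNATURES)}

# Constructed inputs: a 1x1 GIF, and the same GIF with bare ZIP signatures appended as a
# stand-in for an appended JAR (not a real archive).
PLAIN_GIF = (b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00" + b"\x2c"
             + b"\x00\x00\x00\x00\x01\x00\x01\x00\x00" + b"\x02\x02\x44\x01\x00" + b"\x3b")
HYBRID = PLAIN_GIF + b"PK\x03\x04" + b"\x00" * 26 + b"PK\x05\x06" + b"\x00" * 18
```

Rejecting uploads with any bytes after the trailer is the simpler policy; the signature check only explains why a given file was refused.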

Source: ComputerWorld.com