Take A Picture, It'll Last Longer

| | Comments (2)
You may have heard about a recent hack where a user of Flickr found all his photographs had been removed when a (probable) old flame broke into his account and deleted the whole thing. This started a discussion in regards to safe backups, and whether or not the user was playing with fire for expecting a third party image hosting service to keep backups of his images or not.

Many people upload images to sites such as Flickr, but think their data is "safe" purely because they also keep copies of their images on their PC. Well, as you're about to see, unless you have some form of dedicated backup system in place or an external hard drive, it can go horribly wrong very quickly. Take my advice, and DON'T wait for something to happen to your computer then facepalm and cry into a bucket for six hours. Go buy some storage, or at least use one of the many free online storage services and have some kind of contingency plan for your photographs. Now that we've got that out of the way...


imgwrm1.jpg

Above is a program that claims to crank out "Image Worms". I don't recall worms looking quite so vicious as the one in the picture, but nevermind. You hit "Select file to worm", pick an image file on your computer to plaster all over the victims PC and click the "Build worm" button.

At this point, a file appears in the program directory:


imgwmz3.jpg

At this point, it's merely a case of renaming the "Image worm server" file, making it look like an image file then sending it to a victim.

You might be wondering where the "worm" part comes into play, given the overall wormy theme going on here. The truth is, in testing we simply could not get the file to do any spreading of its own accord. If there is supposed to be a worm element to this, something has gone horribly wrong with the coding. It *might* still kick into life, perhaps, when the planets align and mystical portents of doom signify the end of the World. Until then, "Look at my awesome picture lol" is how this thing is rolling.

However, that doesn't mean horrible things aren't about to happen to your computer. Let's take a look, and imagine someone sends you a "picture". Open that file (which of course is actually an executable) and every jpeg on your computer will switch from this...

imgwrm3.jpg
Click to Enlarge

to this:

imgzwrmz666.png
Click to Enlarge

As you may have noticed, all of your treasured memories now say "Hacked" in the middle of a black background.

This is not a good thing. You did back these images up somewhere other than your PC, didn't you?

You didn't? Oh.

We detect this as PicSwitch.

2 Comments

The Reason why they dubbed it a worm is that it propagates to all jpegs on your hard drive. Thus it's an "image worm".

I did wonder about that. What's nagging me is that I saw at least two people on a leet forum complain it had actually spread across their networks.

I'd be happier if its your suggestion to be honest, the potential for asshattery if it actually did create image mangling worms is likely to get skiddies drooling with excitement...

Leave a comment

About this Entry

This page contains a single entry by Christopher Boyd published on August 12, 2009 7:23 PM.

The Cost Of Inflation was the previous entry in this blog.

Site Down, Call For Backup is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.