Adware / Spyware Issues: August 2009 Archives

You may have heard about a recent hack in which a Flickr user found all his photographs gone after a (probable) old flame broke into his account and deleted the whole thing. This started a discussion about safe backups, and whether the user was playing with fire by expecting a third-party image hosting service to keep backups of his images.

Many people upload images to sites such as Flickr, but think their data is "safe" purely because they also keep copies of their images on their PC. Well, as you're about to see, unless you have some form of dedicated backup system in place or an external hard drive, it can go horribly wrong very quickly. Take my advice, and DON'T wait for something to happen to your computer then facepalm and cry into a bucket for six hours. Go buy some storage, or at least use one of the many free online storage services and have some kind of contingency plan for your photographs. Now that we've got that out of the way...


imgwrm1.jpg

Above is a program that claims to crank out "Image Worms". I don't recall worms looking quite so vicious as the one in the picture, but never mind. You hit "Select file to worm", pick an image file on your computer to plaster all over the victim's PC and click the "Build worm" button.

At this point, a file appears in the program directory:


imgwmz3.jpg

From there, it's merely a case of renaming the "Image worm server" file, making it look like an image file, then sending it to a victim.

You might be wondering where the "worm" part comes into play, given the overall wormy theme going on here. The truth is, in testing we simply could not get the file to do any spreading of its own accord. If there is supposed to be a worm element to this, something has gone horribly wrong with the coding. It *might* still kick into life, perhaps, when the planets align and mystical portents of doom signify the end of the world. Until then, "Look at my awesome picture lol" is how this thing is rolling.

However, that doesn't mean horrible things aren't about to happen to your computer. Let's take a look, and imagine someone sends you a "picture". Open that file (which of course is actually an executable) and every jpeg on your computer will switch from this...

imgwrm3.jpg

to this:

imgzwrmz666.png

As you may have noticed, all of your treasured memories now say "Hacked" in the middle of a black background.

This is not a good thing. You did back these images up somewhere other than your PC, didn't you?

You didn't? Oh.

We detect this as PicSwitch.
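For readers who want to check a photo folder for the two symptoms described above (a "picture" that is really an executable, and many JPEGs that have all become the same image), here is a small scanner added as an illustration; it is not part of the original post or of any vendor's detection. The function names, the threshold of three identical files and the sample contents are assumptions made for the example, and since the post does not say exactly how the file is renamed, the scanner simply flags any name that mentions an image extension.

```python
import hashlib
import os
import tempfile
from collections import defaultdict

IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif", ".bmp")
PE_MAGIC = b"MZ"  # first two bytes of a Windows executable


def scan(root, dup_threshold=3):
    """Return (disguised_executables, groups_of_identical_jpegs) under root."""
    disguised, by_hash = [], defaultdict(list)
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            lower = name.lower()
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            # Name mentions an image extension (x.jpg, x.jpg.exe) but content is PE.
            if any(ext in lower for ext in IMAGE_EXTS) and data[:2] == PE_MAGIC:
                disguised.append(path)
            elif lower.endswith((".jpg", ".jpeg")):
                by_hash[hashlib.sha256(data).hexdigest()].append(path)
    # Many differently named photos sharing one hash suggests mass replacement.
    same = [sorted(g) for g in by_hash.values() if len(g) >= dup_threshold]
    return sorted(disguised), same


def demo():
    """Scan a constructed sample tree (all file contents are made up)."""
    samples = {
        "beach.jpg": b"\xff\xd8\xffbeach",  # two distinct photos
        "party.jpg": b"\xff\xd8\xffparty",
        "a.jpg": b"SAME", "b.jpg": b"SAME", "c.jpeg": b"SAME",
        "picture.jpg.exe": b"MZ\x90\x00",  # constructed PE header stub
    }
    with tempfile.TemporaryDirectory() as root:
        for name, content in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(content)
        disguised, same = scan(root)
        base = os.path.basename
        return [base(p) for p in disguised], [[base(p) for p in g] for g in same]


if __name__ == "__main__":
    print(demo())
```

Run against a backup copy as well as the live folder: if the backup still shows distinct hashes where the live folder shows one, the backup is the copy to restore from.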

About this Archive

This page is an archive of entries in the Adware / Spyware Issues category from August 2009.
