Skip to content
Skip to sidebar
Skip to search
Skip to main navigation

Login

Please login to Techworld.com

Forgot password?
Need your new account confirmation email resent?
Forgot email?

Not a member yet?

Register for a Techworld Account and enjoy unlimited access to our extensive white paper library and exclusive Enterprise multi-user software trials. Account members can also comment on articles and access best practices guides.

Register

Register

Security

Related Content

Features

Know your Internet bad guys
TrendMicro's handy infographic gives you the low-down on web enemies
Protecting your organisation's intellectual property
Cyber espionage is becoming a big threat - how well do you protect your company's intellectual property?

Top How-Tos / Advice articles

Most Popular in Security

Malicious GIF conceals PHP attack

Evil image pops up on major image site.

By Matthew Broersma | Techworld | Published: 17:13, 21 June 2007

Hackers have begun circulating a PHP exploit embedding it in a seemingly harmless GIF image, according to security researchers.

The exploit was discovered in at least one GIF on a major image-hosting website, according to a bulletin from the SANS Institute's Internet Storm Center (ISC) on Tuesday.

"It's interesting and scary to find a file that acts like a regular GIF file, but contains a script exploit," said SANS ISC handler Lorna Hutcheson in the bulletin.

Related Articles on Techworld

The exploit, coded in PHP script, could be a dangerous new development, Hutcheson said.

"Interestingly enough, the file itself contains a completely legitimate 1x1 gif image at the beginning of the file," she wrote. "It is a clever way to pass exploit code to others without it setting off alarms or attracting attention all while bypassing network security tools."

She also suggested the technique could be used to create a Remote File Inclusion attack, an attack that lets hackers run their own malicious code on an otherwise harmless website.

Send to a friend

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

State of software security report volume 4

If your business has anything worth protecting, be it money, intellectual property or a trusted...

Download Whitepaper

New threats demand innovative responses

Financial institutions in the UK remain susceptible to further systemic problems, as challenging...

Download Whitepaper

Delivering a competitive advantage through IT

IT organisations share a common mission; to optimise investments and streamline operations to...

Download Whitepaper

6 tips to mobilise your existing ERP

Enterprise mobile users throughout the global business community will number 1.19 billion by...

Download Whitepaper

Techworld UK - Technology - Business

Techworld Awards

Techworld Awards Winners 2011

Learn who the winners of this year's Techworld Awards are. Video footage coming soon...

Find out more

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

Site Map

Techworld Knowledge Centres

Member Services

ComputerworldUK.com

CIO UK

Macworld

PC Advisor

MacVideo

Digital Arts

MarketBase

CFO World

All contents © IDG 2012:
|
Information for Advertisers |
Privacy Policy |