Watch out for photos containing malware

That adorable picture of a cute kitten may contain claws. Here's how photos on the Internet can infect your PC.

Jerseygirlinfl asked the Answer Line forum if photos floating around the Internet could contain malware.

Cybercriminals use images in a number of ways to infect your computer. In most cases, the photo itself is harmless; it's just a trick to get you to do something stupid. But sometimes, a .jpg file itself will contain malicious code.

Let's look at a few ways in which an image can contain some real bad news.


As you may have noticed, a lot of spam exists for the specific purpose of tricking you into visiting a particular website--often one that intends to download malware. Images can play a big part in that. You probably already know not to click a link in a suspicious email, but photos can be embedded in emails just as they are in webpages--and do their dirty work when you open the mail.

Fortunately, most modern mail clients don't display such pictures by default. Best to keep it that way.

Another trick is the double extension, which takes advantage of Windows' file-naming conventions. If a file is named adorable.jpg.exe, most Windows computers will display it as adorable.jpg. Most users, therefore, will think it a harmless image file, even though it's really an executable program. And when you run the program, it probably will show you an adorable picture...while it infects your PC.
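The double-extension trick described above can be checked for mechanically. This Python code is an added example, not part of the original article: it flags names such as adorable.jpg.exe and, going slightly beyond the article, files with an image or document extension whose contents begin with the Windows executable header. The extension lists, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumed lists for this example: runnable types on Windows and common "harmless" decoys.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".pdf", ".doc", ".txt"}

def displayed_name(filename):
    """Name shown when 'Hide extensions for known file types' is enabled."""
    stem, ext = os.path.splitext(filename)
    return stem if ext.lower() in EXECUTABLE_EXTS | DECOY_EXTS else filename

def is_double_extension(filename):
    """True for names like adorable.jpg.exe: decoy extension, then a runnable one."""
    stem, last = os.path.splitext(filename.strip().lower())
    inner = os.path.splitext(stem)[1]
    return last in EXECUTABLE_EXTS and inner in DECOY_EXTS

def has_pe_header(path):
    """True if the file starts with 'MZ', the header of Windows executables."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"

def scan(directory):
    """Return (filename, reason) pairs for files whose name misrepresents them."""
    findings = []
    for root, _dirs, files in os.walk(directory):
        for name in sorted(files):
            ext = os.path.splitext(name.lower())[1]
            if is_double_extension(name):
                findings.append((name, "runs as a program, shown as " + displayed_name(name)))
            elif ext in DECOY_EXTS and has_pe_header(os.path.join(root, name)):
                findings.append((name, "image/document name, executable header"))
    return findings

def demo():
    samples = {  # constructed sample files, not real malware or real images
        "adorable.jpg.exe": b"MZ\x90\x00",      # executable header, double extension
        "kitten.jpg": b"\xff\xd8\xff\xe0",      # JPEG start-of-image bytes
        "report.v2.pdf": b"%PDF-1.4",           # benign name that merely has two dots
        "holiday.png": b"MZ\x90\x00",           # executable header under an image name
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            Path(tmp, name).write_bytes(data)
        return scan(tmp)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Point `scan()` at a downloads or mail-attachment folder to list files worth a second look before anyone double-clicks them.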

And finally, there's steganography, which in a digital context means the art of hiding data in another type of file. A .jpg can easily contain additional bits interwoven within the image, without noticeably affecting the image's appearance. That additional data can include code, which is encrypted to make it harder to identify.

Luckily, such an altered image can't do much by itself. No image viewer will see or know what to do with that code, even if it isn't encrypted. But malware developers often break up their code into multiple pieces and distribute them separately to avoid detection. The information hidden in a picture could contain instructions useful to another piece of malware on your computer. See "Zeus banking malware hides crucial file inside a photo" for one recent example.

How do you protect yourself? Giving up on images seems a bit extreme. There are better methods.

Keep your operating system, browser, and antivirus software up-to-date. Of course, you should be doing that already.

Be wary of photos whose origins you don't know.

And finally, have Windows show you file extensions so you won't be fooled. In the Start menu's Search field, or in Windows 8's Search charm, type "folder options". Select Folder Options. On the View tab, uncheck "Hide extensions for known file types".

See the original forum discussion.


Stories by Lincoln Spector
