07-17-2013 08:17 AM
I found following article.
This is pretty interesting technique, though if people hits this kind of malware, is Threat Prevention (or might be wildfire?) able to detect this malware?
Regards,
07-17-2013 02:25 PM
Hopefully PA will add this as a general threat that a jpeg contains a malformed exif-header (or rather the exif-header contains data which shouldnt exist there in normal situations).
Such as the /.*/e^ or for that matter eval, base64_decode and the other stuff.
This would also be interresting to exploit regarding as a tunneling technique.
That is similar to how What2Code – IT Security Blog used ssh within web-browsing session (and later ssh within dns session) now you can take it a step further and use proper http etc but tunnel through jpegs which is being sent back and forth 🙂 (and this way you would be screwed as soon as you let the client use web-browsing as appid)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
