Google's GoogleUserContent CDN has been infected with malware and is now serving compromised images

Steve Smith talks about the latest reported malware-related incident involving the GoogleUserContent content delivery network, owned by Google, which is apparently serving malware-compromised images.

Episode #8-48 released on July 22, 2018


Many of us take for granted that some file types supposedly cannot be infected. Today, I will be educating you on that very flawed, very wrong, and dangerous myth, with news that malicious hackers have injected code into images served by Google's content delivery network, hiding the malicious code in the EXIF metadata. This is made worse by the fact that very few people ever scan images for viruses, so the number of compromised computers and devices can skyrocket really fast. The web-sites that use Google's image CDN include, but are not limited to, Google Plus, GoogleUserContent sites, Blogger, forums, and more.

Why are images and other files infectible with malware?

One method that demonstrates how any file, including images, can be infected with malware is a stegosploit, an exploit using steganography, which refers to hiding information of any kind in images, messages or files. Images are now treated as programs, and therefore when they are loaded in a browser, code can be run that can compromise the computer itself with malware. Most anti-malware and antivirus software could scan for this, but users usually opt to scan other, more commonly known exploit vectors, since we have commonly agreed with the myth that images, text files, etc. cannot be infected because that would supposedly corrupt the file, a dangerous misconception in itself.

Should you panic though?

Now, the stegosploit is easy to do, and using it would not necessarily infect your computer, but it is an important step in explaining what can actually be done to exploit your computer. There was an exploit vector called MS04-028 in which loading a cleverly crafted JPEG file actually exploited the computer. And, while steganography is a definite possibility with nearly any image type, we must remember a very specific detail about this: steganography itself is a feature, not a bug. You can merge a zip file and a JPG file together to mask the type of file it is, and have the image actually load. The image size will be bigger than it is supposed to be, but most novice users will either not notice this, or not be aware of what the image size was supposed to be.

You should still be careful: always run antivirus software, always install the latest updates, do not open files from places you do not trust, including office files, and never underestimate the power of feature sets. Also, make and maintain backups of irreplaceable personal files. You should not necessarily panic, but you should definitely be cautious, since the new method could, maybe, infect you. There is no particular way to avoid this issue, either. As I mentioned, the issue is part of a feature set, and web-sites that archive any photographs need to scan all files for content of any kind, including within the EXIF information.
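To make the scanning advice concrete, here is an added example (not from the episode or from Google) of a check an image-hosting site could run on uploads: it walks the JPEG segment structure, lists the metadata segments where EXIF lives, and reports any bytes after the end-of-image marker, which is where a merged zip file ends up. The function name, the sample byte strings and the `SUSPICIOUS` pattern list are assumptions made for illustration.

```python
import struct

SUSPICIOUS = (b"<script", b"<?php", b"eval(")  # illustrative patterns only (assumption)

def scan_jpeg(data: bytes) -> dict:
    """Walk JPEG markers; report metadata segments and any bytes after EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker, not a JPEG")
    report = {"metadata": [], "suspicious_metadata": False,
              "trailing_bytes": 0, "trailing_zip": False}
    pos, in_scan = 2, False
    while pos + 1 < len(data):
        marker = data[pos + 1]
        if data[pos] != 0xFF or marker == 0xFF:
            if data[pos] != 0xFF and not in_scan:
                raise ValueError(f"expected marker at offset {pos}")
            pos += 1                      # scan data byte or 0xFF fill byte
            continue
        if in_scan and (marker == 0x00 or 0xD0 <= marker <= 0xD7):
            pos += 2                      # stuffed 0xFF or restart marker
            continue
        if marker == 0xD9:                # EOI: the picture ends here
            tail = data[pos + 2:]
            report["trailing_bytes"] = len(tail)
            report["trailing_zip"] = b"PK\x03\x04" in tail  # ZIP local file header
            return report
        if pos + 4 > len(data):
            break                         # truncated segment header
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        body = data[pos + 4:pos + 2 + length]
        if 0xE0 <= marker <= 0xEF or marker == 0xFE:   # APPn (EXIF is APP1) or COM
            report["metadata"].append((marker, len(body)))
            if any(p in body.lower() for p in SUSPICIOUS):
                report["suspicious_metadata"] = True
        in_scan = marker == 0xDA          # SOS: entropy-coded data follows
        pos += 2 + length
    raise ValueError("no EOI marker found")

def _seg(marker: int, body: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(body) + 2) + body

def _sample(meta: bytes, tail: bytes = b"") -> bytes:
    return (b"\xff\xd8" + _seg(0xE1, b"Exif\x00\x00" + meta)
            + _seg(0xDA, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\xff\x00\x34\xff\xd9" + tail)

# Constructed, structure-only samples (not decodable pictures).
CLEAN = _sample(b"constructed-metadata")
POLYGLOT = _sample(b"constructed-metadata", b"PK\x03\x04" + b"\x00" * 26)
TAINTED = _sample(b"<SCRIPT>constructed</SCRIPT>")
```

A non-zero `trailing_bytes` value or a hit in `suspicious_metadata` is a reason to quarantine the upload or re-encode it without metadata, not proof of malware on its own.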

Host : Steve Smith | Music : | Editor : Steve Smith | Producer : Zed Axis Dot Net
