GIFAR… Just what I was afraid of…

Felt like posting this as soon as I got it so (who knows) when someone reads this, he’ll know he’d be in danger.

Some NGS researchers figured out a way to implant some malicious Java thingies in GIF pictures… Here’s how it goes:

1- Compile a malicious JAR file
2- Combine it with information from a GIF file
3- Put the GIF file in some website…
4- A victim opens it up… The browser gets fooled and loads the GIF file
5- The Java Virtual Machine will load the JAR file combined in the GIF file
6- The magic that you wrote in that JAR file will work…
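
An added example (not from the original post or from the researchers): a server-side check for files uploaded as GIFs. It walks the GIF block structure to the trailer byte and flags anything appended after it, such as the ZIP/JAR archive from step 2. The function names and sample bytes are constructed for illustration.

```python
import io
import zipfile
def _table(flags: int) -> int:  # byte size of a color table, from a packed-flags byte
    return 3 * 2 ** ((flags & 0x07) + 1) if flags & 0x80 else 0

def gif_end(data: bytes) -> int:
    """Offset just past the GIF trailer (0x3B), or -1 if the GIF structure is malformed."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return -1
    pos = 13 + _table(data[10])  # header + logical screen descriptor + global color table
    def skip_sub_blocks(p: int) -> int:
        # Sub-blocks: a length byte plus payload, repeated until a zero length byte.
        while p < len(data) and data[p] != 0:
            p += 1 + data[p]
        return p + 1
    while pos < len(data):
        if data[pos] == 0x3B:  # trailer: the image ends here
            return pos + 1
        if data[pos] == 0x21:  # extension: introducer, label, then sub-blocks
            pos = skip_sub_blocks(pos + 2)
        elif data[pos] == 0x2C and pos + 10 <= len(data):  # image descriptor
            pos += 10 + _table(data[pos + 9])
            pos = skip_sub_blocks(pos + 1)  # +1 skips the LZW minimum code size byte
        else:
            return -1
    return -1

def inspect_upload(data: bytes) -> str:
    """Verdict for a file uploaded as a GIF."""
    end = gif_end(data)
    if end < 0:
        return "not_gif"
    if end == len(data):
        return "clean"
    try:  # archive readers locate a ZIP/JAR from the end of the file, so test the whole file
        zipfile.ZipFile(io.BytesIO(data)).close()
        return "gif_plus_archive"
    except zipfile.BadZipFile:
        return "trailing_data"

def sanitize(data: bytes) -> bytes:
    """Keep only the GIF's own bytes (empty result if it is not a well-formed GIF)."""
    return data[:max(gif_end(data), 0)]
# Constructed samples: a 1x1 GIF, and the same GIF followed by an archive holding only a manifest.
SAMPLE_GIF = bytes.fromhex("474946383961 01000100800000 ffffff000000 2c000000000100010000 0202440100 3b")
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w") as _zf:
    _zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
SAMPLE_COMBINED = SAMPLE_GIF + _buf.getvalue()
```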

Virtually, since the Java Virtual Machine is installed in EVERY OPERATING SYSTEM, it’ll damage every operating system… I mean that Mac OS X won’t be safe, and neither will Windows, and maybe Linux too…

And if you made your own OS with a standard Java Virtual Machine, you’ll get some of that too…

Be careful people out there… It’s not implemented yet… And not fixed yet…

Hackaday Link

Infoworld Link

2 thoughts on “GIFAR… Just what I was afraid of…”

  1. Means Symbian phones are fucked too .. since they use JAR files ..
    but it does ask you to confirm a JAR installation first ..
    so I wonder how that’s going to work out for malicious code o.o

  2. Maybe it doesn’t work out for phones, but computers, PDAs (iPhone, iPod and whatever) might be at risk as well…
