Don’t Click on That Picture! It May Contain Malware
But what a lot of Internet users don't know is that even something as simple as an image on your computer screen could contain malware. These programs, when downloaded to your computer, can potentially be used to steal sensitive information, leading to identity theft or at the very least compromised computer security.
How does this image-based malware work?
Steganography Made Simple
The most recent cases of images containing malware used a process called steganography, which hides a message or file inside another file, such as an image.
In a recent string of computer infections, seemingly harmless images of cats and beautiful sunsets, usually sent via email, contained malware which was downloaded onto the users' computers as a JPEG file when the users clicked on the images. This made the file appear to be just another image, perhaps one that may have gotten saved in the wrong place.
But hidden inside this JPEG file, reports digital photography site PetaPixel, was malware. The malware in these images was programmed to bypass security systems on users' computers and steal log-in information entered online, such as the usernames and passwords for online banking websites.
Watch for Double Extensions
Another possible way for image-based malware to infect Windows computers is through the use of double extensions.
According to PCWorld, this method takes advantage of Windows' file-naming conventions by adding two extensions -- the letters that identify the format of a file -- to the end of a file, such as "picture.jpg.exe."
While most Windows computers will display the file as an image using the .jpg extension, because Windows hides the final extension of known file types by default, it's actually an .exe file, which denotes an "executable program." This means that as you're viewing the image, a malware program is being downloaded onto your computer and likely attempting to mine your sensitive personal data or take control of your computer.
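The double-extension check described above, as an added example (not from the original article or from PCWorld): a Python sketch that flags file names where an image or document extension is followed by an executable one, and reports the name a user sees when the final extension is hidden. The extension lists, function names and sample file names are assumptions constructed for illustration.

```python
import re

# Assumed lists for this example; adjust them to local policy.
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "bmp", "pdf", "doc", "docx", "txt"}
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "pif", "js", "vbs"}

# Constructed sample attachment names (not taken from any real incident).
SAMPLE_NAMES = [
    "picture.jpg.exe",
    "sunset.jpg",
    r"C:\Users\demo\Downloads\Cat.JPEG.ScR",
    "setup.exe",
    "report.final.pdf",
    "archive.tar.gz",
    "notes",
]


def split_name(filename):
    """Return (base name, lower-cased dot-separated parts), tolerating
    directory paths, stray spaces and trailing dots."""
    base = re.split(r"[\\/]", filename)[-1].strip().rstrip(". ")
    return base, [p.strip().lower() for p in base.split(".")]


def displayed_name(filename):
    """Name as it is listed when the final extension is hidden."""
    base, parts = split_name(filename)
    return base.rsplit(".", 1)[0] if len(parts) > 1 and parts[0] else base


def classify(filename):
    """Return 'double-extension', 'executable' or 'ok' for one file name."""
    _, parts = split_name(filename)
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"  # decoy extension in front of the real one
    return "executable"


def scan(names):
    """Return (name, verdict, displayed name) for every name that is not 'ok'."""
    return [(n, classify(n), displayed_name(n)) for n in names if classify(n) != "ok"]


if __name__ == "__main__":
    for name, verdict, shown in scan(SAMPLE_NAMES):
        print(f"{verdict:17} shown as {shown!r:15} actual {name!r}")
```

The same check can be run over a mail gateway's attachment list or a downloads folder listing; the verdict depends only on the file name, not on the file's contents.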
How to Prevent Being Infected by Image-based Malware
Luckily, there are some simple steps you can take to prevent being duped by these dangerous images:
- Don't click on images in suspicious emails. Just like links, you should consider any image in a suspicious email a direct digital doorway to infection.
- Keep your software up to date. Computer companies and software makers are constantly upgrading their products to protect against new threats. Keeping up with these updates will keep you from getting left behind and potentially exposed to dangerous malware and viruses.
- Change your settings and pay attention to file extensions. If you are on a Windows computer, change your default setting to show you the extensions of files that are being downloaded, to protect against the double extension trick. Any time you see a file ending in .exe, be especially cautious.
Regardless of what operating system you use, be aware of the types of files you should and shouldn't download. One picture could be worth a lot more than 1,000 words to an identity thief.