SVG Image Format Set for Wider Adoption in Malware Distribution

Solarquest

SVG has all the makings of a great malware distribution medium, and crooks are bound to migrate to this new file format, now that Google has moved to ban .js email attachments.

SVG is an image file format that's used to store scalable vector graphics (SVG) using XML syntax.

Unknown to most is that developers can also embed JavaScript code in SVG files. While most use it to animate the image in one way or another, some clever crooks realized they could also do it to do harm.

SVG can carry JavaScript payloads
Today, JavaScript has been weaponized against users for years. Already used in malvertising and drive-by download attacks, JavaScript has become a feasible attack method even on the desktop itself.

In the past years, and last year alone, JavaScript has become one of the most used methods to infect computers with malware. Crooks usually hide JavaScript (.js) files in ZIP archives, and send the files via emails, as attachments.

Gmail and most email providers will look inside these archives unless they're password protected. When the .js ban kicks in on February 13 for Gmail's services, most spammers will be forced to adapt, as they won't be able to use .js files anymore.

SVG is the prime candidate to replace .js files because it can also execute the same exact JavaScript payloads. All crooks have to do is to repackage their attachments and move their code from one file to another.

Even better, by default, on Windows, SVG files will run in Internet Explorer, which is the perfect medium for executing malicious JS.

...more in the link above.
 
