IM photos compromise networks - silicon.com

Security experts are warning users that hackers can use JPEG profile photos on instant messenger to attack networks.

According to security company WhiteHat UK, hackers can use an exploit in JPEGs which enables them to embed malicious code into profile photos on instant messenger. When a recipient sees the photo on their instant messenger (IM) client, it can cause an exploit code, such as a Trojan or worm, to automatically execute.

Jason Hart, security director for WhiteHat UK, said: "Potentially, the photos that are sent with instant messenger could be used with the Microsoft JPEG exploits already out there. Essentially you can say it's the same as any JPEG using the IM protocol as a portal to come through."

IM travels on port 80, which is often regarded as a trusted channel because internet traffic also uses it. Hart said any company using IM that allows JPEGs was open to attack: "The majority of times, desktop computers are the last to be secured by big corporations


IM photos compromise networks - silicon.com