Can google images cause a virus?

[Hyperwolf122]

Hello! i was wondering, if I for example googled "cats" and clicked on a thumbnail of a image (just clicking on the thumbnail to view it, not clicking "view full image" or "go to website") and if the website was malicious, would it cause a virus? Or is that only if you actually go to the website? Thanks!

 

-Casper

[David H. Lipman]

If you willy-nilly Browse the Internet you can possibly land on a malicious web site using an Exploit and cause malware to be downloaded with a possible execution.

Your Profile indicates " Interests: Malware analyzing " so you should be well aware that all viruses are malware and not all malware are viruses and viruses play a very small fraction within the malware arena.  The vast majority of malware are trojans and the chances of a malicious web site using an Exploit to cause download and possible execution will be for a trojan, and not a virus.

Putting it back into perspective, if you are just using Google Images this will not be too likely.  It is possible but not probable and because that possibility exists, is the reason we install anti malware software on our computers.

Graphic files in themselves are not malicious per se.  The web site hosting it can be and that's why you always have to be on your guard.  Graphic files come in many formats such as GIF, PNG, JPEG, BMP, PCX and other formats.  There have been graphic files that have been crafted in such a way as to exploit known vulnerabilities in the Graphics Rendering module of MS Windows.  Left unpatched, that's one way a site using an Exploit can effect a malware download with a possible execution.  Graphic files can also be used to hide malware "in plain site".  The Graphic File can be manipulated in such a way as where a PE binary is appended to the graphic or mathematically added ( Example: XOR ) or by using steganography.  In that state the modified graphic file is safe and will not "self execute" and it will require a secondary program or script to extract the PE binary which is the malware.

 

Edited August 22, 2019 by David H. Lipman

[Hyperwolf122]

22 minutes ago, David H. Lipman said:

" so you should be well aware that all viruses are malware and not all malware are viruses and viruses play a very small fraction within the malware arena.  The vast majority of malware are trojans and the chances of a malicious web site using an Exploit to cause download and possible execution will be for a trojan, and not a virus.

Sorry about that there in the topic title and in my message, thank you for the correction! 

Thank you for this information,  I'll keep this all In mind!

[Avocado]

On 8/22/2019 at 4:54 AM, David H. Lipman said:

If you willy-nilly Browse the Internet you can possibly land on a malicious web site using an Exploit and cause malware to be downloaded with a possible execution.

Your Profile indicates " Interests: Malware analyzing " so you should be well aware that all viruses are malware and not all malware are viruses and viruses play a very small fraction within the malware arena.  The vast majority of malware are trojans and the chances of a malicious web site using an Exploit to cause download and possible execution will be for a trojan, and not a virus.

Putting it back into perspective, if you are just using Google Images this will not be too likely.  It is possible but not probable and because that possibility exists, is the reason we install anti malware software on our computers.

Graphic files in themselves are not malicious per se.  The web site hosting it can be and that's why you always have to be on your guard.  Graphic files come in many formats such as GIF, PNG, JPEG, BMP, PCX and other formats.  There have been graphic files that have been crafted in such a way as to exploit known vulnerabilities in the Graphics Rendering module of MS Windows.  Left unpatched, that's one way a site using an Exploit can effect a malware download with a possible execution.  Graphic files can also be used to hide malware "in plain site".  The Graphic File can be manipulated in such a way as where a PE binary is appended to the graphic or mathematically added ( Example: XOR ) or by using steganography.  In that state the modified graphic file is safe and will not "self execute" and it will require a secondary program or script to extract the PE binary which is the malware.

 

Sorry to bother in this topic, but is there any blog or informative page around regarding this about how it exactly works etc.

[David H. Lipman]

How "what" exactly works ?

You quoted a post that touches;  vulnerability exploitation, steganography and hiding malware in plain site by adding it to a graphic file.

 

[Avocado]

37 minutes ago, David H. Lipman said:

How "what" exactly works ?

You quoted a post that touches;  vulnerability exploitation, steganography and hiding malware in plain site by adding it to a graphic file.

 

 

I just recently understood pictures may contain spyware. For example how does it get executed, what are signs you have been caught by it, does Malware bytes detect it. 

For me, to get caught by a virus or spyware means you have to actually download something on your PC or Phone, seems like you can just get caught by spyware by simply clicking on a random picture and it could potentially have spyware in it. 

Just curiousity

[Avocado]

I googled Steganography Malware Bytes and I just showed a blog. Are there any blogs or pages somewhere related to Malware Bytes that gives more information regarding this? (Sorry I don't know how to edit the previous post)

[David H. Lipman]

Malwarebytes - it is just a one word name.

Steganography - https://en.wikipedia.org/wiki/Steganography

" Steganography (/ˌstɛɡəˈnɒɡrəfi/ (listen) STEG-ə-NOG-rə-fee) is the practice of concealing a file, message, image, or video within another file, message, image, or video. The word steganography combines the Greek words steganos (στεγᾰνός), meaning "covered or concealed", and graphe (γραφή) meaning "writing". "

Graphic files manipulated through steganography or mathematical manipulation are not executable.  Graphic files are rendered.  That means a program, utility or a OS construct opens the file and displays the graphic accordingly.  Such a file will still be rendered and the graphic shown.  It may be a low quality graphic or it may me very simplistic for its physical size but rendering it will not cause a malicious binary that was embedded within to be executed.  This takes an external file whether it be a a Script ( VBScript, Powershell, Python, etc ) or a utility that has been hard coded to take the manipulated graphic file and extract the malicious binary and execute it.

A graphic file that has been specifically crafted to exploit a vulnerability in a graphics rendering engine is another story.  But it is still not an auto executable situation.  For example a malicious web site may be setup to host the Graphic file that has been created to exploit a graphics rendering vulnerability.  When the graphic is viewed by the victim, the web site will attempt to take advantage of the chaos created by the graphics rendering vulnerability and exploit it where the web site causes a malicious executable to be downloaded and run.  Alternatively this may be done in a specially crafted MS Word or MS Excel document which uses take advantage of the chaos created by the graphics rendering vulnerability and exploit and cause an embedded ( OLE ) malicious executable to be run or a VB Script to download a malicious executable and then run it.

The important takeaway is that a graphic file can be malicious in nature but without external assistance can't infect a computer with malware.  It will take that external assistance for it to take place.  In the initial post it was specifically asked about "Google Images".  Here the external assistance could be the Browser in conjunction with a malicious web site.  While Malwarebytes products will not detect a malicious graphic via signature detection, its web protection module coupled with its exploitation protection module will mitigate that kind of threat.

 

 

Edited August 27, 2019 by David H. Lipman
Edited for content, clarity, spelling and grammar

[exile360]

Just FYI, I discovered this article which provides more details on steganographic malware which you may find informative.  It also provides a short list of known threats which use this method as a component of their attack vectors:

Quote

Microcin (AKA six little monkeys)
NetTraveler
Zberp
Enfal (its new loader called Zero.T)
Shamoon
KinS
ZeusVM
Triton (Fibbit)

You may search each threat by name to find more info about it.

Edited August 27, 2019 by exile360

[Avocado]

2 hours ago, exile360 said:

Just FYI, I discovered this article which provides more details on steganographic malware which you may find informative.  It also provides a short list of known threats which use this method as a component of their attack vectors:

You may search each threat by name to find more info about it.

I just been googling and trying to understand it all.. came accross this website aswell -> https://commons.wikimedia.org/w/index.php?search=steganografie&title=Special%3ASearch&go=OK&uselang=nl&ns0=1&ns6=1&ns12=1&ns14=1&ns100=1&ns106=1

I saw there are audio files ending with .ogg on it, are these stereography files? since I know I have those on my phone aswell?

[exile360]

Theoretically pretty much any kind of file can be manipulated via steganography so it's not really limited to files of any particular type/extension.  OGG files are just a particular type of audio file the same way that MP3 and WMA files are; it's just a different container is all and requires a compatible codec to play them.  That said, at least on Windows, the Exploit Protection component in Malwarebytes is configured by default to shield common media players so theoretically infected audio/video files that try to launch in a protected media player should be detected.

[Avocado]

9 hours ago, exile360 said:

Theoretically pretty much any kind of file can be manipulated via steganography so it's not really limited to files of any particular type/extension.  OGG files are just a particular type of audio file the same way that MP3 and WMA files are; it's just a different container is all and requires a compatible codec to play them.  That said, at least on Windows, the Exploit Protection component in Malwarebytes is configured by default to shield common media players so theoretically infected audio/video files that try to launch in a protected media player should be detected.

Really appreciate all the information you have provided me.

I just would like to know that my computer could not in any way get effected by the website I gave you right? I didn't click on the audio files. Just read the text.

 

[David H. Lipman]

You mean that non malicious, WikiMedia, web site that hosts legitimate sound bites ?

Why do you think it is a malicious site that you have to worry about their sound bites ?

If you thought it was malicious, why did you post the site so it is a live, clickable, link ?

Think !

[Avocado]

11 hours ago, David H. Lipman said:

You mean that non malicious, WikiMedia, web site that hosts legitimate sound bites ?

Why do you think it is a malicious site that you have to worry about their sound bites ?

If you thought it was malicious, why did you post the site so it is a live, clickable, link ?

Think !

True, that was definitely my bad for assuming only knowledge people would read the post and figure out themselve that the link contains no virusses.

I assume everything on that website is safe? If you could confirm that, I can just stop googling about all this stuff and leave it be. thanks

[David H. Lipman]

The website is safe.

 

[Mickyyy]

I also had a same query. Thanks to Hyperwolf122 who initiated that topic. I manage

and download free images from google for my blog posts. But Now, I got the sufficient knowledge. Thank you once again. 

Edited October 16, 2019 by AdvancedSetup
removed marketing link

[Mickyyy]

Ohh sorry, I didn't knew that mentioning personal blog will lead to the marketing link. anyways, Thank you