So, you’re at work and a friend sends you an email with a couple of pictures attached. When you receive the email, no pictures. Whilst not surprising, it’s still annoying:
“Why? They’re harmless. It’s photos of his new car. Nothing sinister. Please can I have the pictures?”
The admin refuses. You call the admin all sorts of names, thinking that he’s a grumpy nerd who simply spoils everyone’s fun. Actually, he’s not. Apart from the obvious (these files aren’t work related, and they could be porn; yes, it happens!), there is a potentially more sinister reason. The JPEG image could have files hidden within it. These files could be anything: plain text, a virus, an MP3, instructions for blowing something up. Worse than that, most anti-virus applications don’t recognise the embedded file and ignore it without flagging it to the user.
Here’s an example. The Windows 98 Blue Screen of Death image at the bottom of my previous post isn’t as innocent as it looks. Embedded within that picture there is a hidden file that looks like this:

And this is the content of that file:

Think I’m kidding? I’m not. This post, this image:

Try it for yourself. You will need WinRAR or something similar to open a RAR file. (Windows users) Right-click and save the image to your desktop, then right-click it on your desktop and choose Open With, locate “WinRAR” in the list and click. I won’t give Linux users instructions as they are 1337.
Scary, isn’t it! That’s why admins ban JPEG attachments. And because all IT admins are complete bastards…
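For the admin's side of the story, here is a check a mail filter could run on a JPEG attachment. It is an added example, not code from the original post, and it assumes the hidden archive was appended after the picture's end-of-image marker, which is the usual reason a picture also opens in WinRAR. The function names and the sample bytes are made up for illustration.

```python
# Signatures of archive formats that still open when glued after image data.
ARCHIVE_MAGICS = {
    b"Rar!\x1a\x07\x00": "RAR 1.5-4.x",
    b"Rar!\x1a\x07\x01\x00": "RAR 5",
    b"PK\x03\x04": "ZIP",
}

def jpeg_end(data: bytes) -> int:
    """Offset just past the real EOI; walks segments so a thumbnail's EOI is skipped."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:                      # EOI: the picture ends here
            return pos
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:
            continue                            # markers with no length field
        length = int.from_bytes(data[pos:pos + 2], "big")
        if length < 2:
            raise ValueError(f"bad segment length at offset {pos}")
        pos += length
        while marker == 0xDA and pos + 1 < len(data) and not (
                data[pos] == 0xFF and data[pos + 1] != 0x00
                and not 0xD0 <= data[pos + 1] <= 0xD7):
            pos += 1        # scan data: FF 00 stuffing and RSTn stay inside
    raise ValueError("truncated JPEG (no EOI marker)")

def inspect_attachment(data: bytes) -> dict:
    """Report how many bytes follow the image and which archives start there."""
    trailer = data[jpeg_end(data):]
    found = sorted(n for magic, n in ARCHIVE_MAGICS.items() if magic in trailer)
    return {"image_bytes": len(data) - len(trailer),
            "trailing_bytes": len(trailer), "archives": found}

def segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload

# Constructed sample: skeletal JPEG with an EXIF thumbnail, then a RAR 4 header appended.
CLEAN = (b"\xff\xd8" + segment(0xE0, b"JFIF\x00" + bytes(9))
         + segment(0xE1, b"Exif\x00\x00\xff\xd8thumb\xff\xd9")
         + segment(0xDA, bytes(10)) + b"\x12\xff\x00\x34\xff\xd0\x56\xff\xd9")
STUFFED = CLEAN + b"Rar!\x1a\x07\x00" + b"constructed payload"
```

Any non-zero `trailing_bytes` is worth a second look even when no known signature matches, since a normal JPEG ends at its end-of-image marker.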
