Miscellaneous > Technical Support

iframe appended jpegs/some open anyway

(1/1)

davidnix71:
I stumbled across a reference to a trojan jpeg on a website. If I went directly to the url in FF2 and FF3, the image displays correctly in my broswer with no warning (it's a 44kb pic of a stack of folded newspapers. A drop/drag desktop copy won't open in Preview. I use a PPC Mac, so if the "virus" worked correctly it would bounce me off to the site appended to the picture. The address in the jpeg is corrupt, apparently, if I try to go there directly, I get a 404.

The drop/drag saved pic came back "infected malware" from Jotti's online scan. A Google search of the embedded site said the file had somehow become corrupt or the virus writer didn't do it correctly. The drop/drag saved pic will still open in FF.

Why is the display behavior inconsistent?  I have a copy of the jpeg with the iframe appended that WILL open in Preview. The copy has correct headers because I used the top menu in FF to "save as" instead of drop/drag. The drop/drag doesn't have the usual jfif or photoshop header. Both files are 44kb and both look the same.

A jpeg with an appended url shouldn't open in Preview or Firefox at all, assuming the repsective program writers did their job. A screen cap of the browser pic it removes the appended url and the size jumps to about double the original.

The appended url is plainly readable in HexEdit and TextEdit.

Navigation

[0] Message Index

Go to full version