New iFrame Injections Leverage PNG Image Metadata

[rcjordan]

http://blog.sucuri.net/2014/02/new-iframe-injections-leverage-png-image-metadata.html


FWIW, this isn't exactly 'new' --just better developed than the ones found a couple of years ago.

[Rooftop]

Cunning.  Nice way to get past scanners.  In most use-cases you're still going to have an iFrame to an untrusted source appearing on your site though, so not hard to detect if you watch out for such things.  I can see this arriving on some of the less closely-monitored ad networks before long though. That seems to be the easiest way to get that script delivered onto websites and presumably it would slip pass the scanning done on tags.

[rcjordan]

About 5 years ago, I worked a lot with jpg binaries. Most of that work centered on a php image slideshow that dynamically 'unpacked' the html for the image's surrounding web page and site nav. All the code is stored in the jpg binary.  That worked and was indexed OK but wasn't a magic seo bullet. I also tried stuffking kws in the binary, but that didn't work at all.

Seems like there should be an seo play in there somewhere if these guys are injecting js.