图像中如何存在病毒? [英] How can a virus exist in an image?
问题描述
我最近观看了芬兰互联网安全专家的此视频。在第11分钟左右,他谈到了隐藏在图像中的病毒,并在图像即将显示时执行。
I have recently watched this video of a Finnish internet security expert. Somewhere around eleventh minute, he talks about a virus which is hidden in an image and executes when the image is about to be displayed.
我想知道它们在技术上是如何做的这样的事情,我的意思是病毒如何执行,当图片应该显示时,图片怎么会在某些地方不受影响办法。我认为计算机首先查看扩展,然后使用适当的程序打开它并让程序自己工作(我不希望常规的图像查看器能够在其自身内运行病毒)。显然它不会那样工作,但我问的任何人都无法帮助我解决这个问题。
I am wondering how do they technically do such a thing, I mean how come the virus is executed, when the picture should be displayed and how come the picture is not compromised in some way. I thought the computer first looks at the extension, then opens it with appropriate program and lets the program work itself (and I don't expect regular image viewer to be able to run a virus within itself). Obviously it doesn't work like that, but no one I asked could help me out with this.
所以有人知道他们是怎么做到的,这个原则是什么?非常感谢。
So does anyone know how do they do this, the principle? Thank you very much.
推荐答案
你的操作系统会选择一个程序并要求它打开图像。操作系统不会要求程序执行图像 - 这是无稽之谈。
You're correct that your OS will pick a program and ask it to open the image. The OS will not ask the program to execute the image — that would be nonsense.
然而,图像是复杂的格式,通常包含元数据和其他未直接显示的部分 - 您可以隐藏其中的内容而不影响屏幕上的图像。因此,图像文件中可能存在潜伏的数据。
However, images are complex formats and often contain meta data and other parts that are not directly shown — you can hide stuff in there without affecting the image on the screen. So there might be hostile data lurking inside the image file.
此外,程序可能存在错误,特别是缓冲区溢出。简而言之,病毒可以通过将过多的数据放入元数据部分来利用这一点 - 大于解码图像所需的程序。内部缓冲区溢出并且具有足够的技能,病毒编写者能够将可执行代码放入内存中的正确位置,以便解码图像的程序最终执行代码。这样一个无辜的死文件就像一个图像可以主持利用。
Furthermore, program can have bugs, in particular buffer overflows. Briefly, a virus can exploit this by putting too large data into the meta data sections — larger than the program that decodes the image expects. The internal buffers overflow and with enough skill, a virus writer is able to put executable code into the right place in memory so that the program that decodes the image will end up executing the code. That way an innocent and "dead" file like an image can host an exploit.
这篇关于图像中如何存在病毒?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
