New Attack: Combine Files With Jar Scripts - gHacks Tech News

New Attack: Combine Files With Jar Scripts

A new attack, dubbed Gifar by their creators named after the two file types that they mixed to create the attack (Gif and Jar), was mentioned in a Black Hat Sneak Preview article over on ZDnet.

Not every aspect of the attack was revealed in the preview but what it made clear was that the researchers who found the issue combined two files for that.

What is interesting about this attack is that it combines the two files gif and jar in the attack. The container file type is shown normally in the browser but the Java applet is executed at the same time as well provided that Java is enabled and installed.

Many file and image hosts filter dangerous file types. If you tried to upload a Jar file to most of them you would get an error message stating that the file type was not supported.

Many however fail to analyze the file itself and simply reject files based on their extension which opens the door for this attack.

That's a pretty dangerous exploit. Imagine someone who uses this to upload a new avatar to popular websites like Facebook or Myspace (two examples, I have not checked if the two use advanced upload filters). It could do all sorts of things with the Java Applet once users open up the profile page and are exposed to the profile image.

The only valid defense against this type of attack is to disable Java on the computer for the moment. Sun is already working on a fix although the researchers say that it is not Sun's fault that this vulnerability exists.

Update: Most web browsers block Java from running automatically nowadays and some block old versions of Java from being loaded at all by them.

Google announced recently that it will retire all "old NPAPI" plugins starting January 2015 in all versions of the company's Chrome browser.

Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. Chris said on August 1, 2008 at 8:45 pm
    Reply

    I have heard of hiding files using winrar that combines them into a single picture, but usually the hidden features of the file can only be opened by changing the extension of the file.

    http://www.sizlopedia.com/2008/01/23/how-to-hide-important-files-inside-a-picture/

  2. Martin said on August 1, 2008 at 8:50 pm
    Reply

    Chris this one is different since both files are executed when the browser opens them. You see the image and think everything is fine while a Java applet is executed in the background.

  3. Jonathan said on August 3, 2008 at 8:11 am
    Reply

    Again, this is the exact reason I use Firefox with No-Script. I would never go back to IE or any other browser, unless they had a script blocking feature.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.