Miscreants have developed a strain of malware that steals image files from compromised systems. The Pixsteal-A Trojan dispenses with the conventional tactic of only stealing text files, instead concentrating on uploading .jpg, .jpeg, and .dmp (memory dump) files from infected machines onto a remote FTP server. The switch in …
Is this on Windows or Android?
A timely reminder
"Users typically rely on photos for storing information,"
Never take photos of your passwords.
Re: A timely reminder
It's easy to sneer - but what if they're using CSI-tech? Then the reflection on the side of the passing bread van of the post-it note on your colleague's monitor will reveal the password that opens the diamond vault! What's the Albanian for "enhance"?
Re: What's the Albanian for "enhance"?
At the risk of being seen as a bit of a swot for Albanian linguistic fluency I can tell you that "Enhance the image of the note." is Automjeti im është plot me ngjala.
I've spent the last five years wondering when this attack is going to show up. When I think of the number of times I've been asked to fix friends' and colleagues' PCs WITHOUT looking at the pictures... Still, one more reason to have people sort out their security!
@ umacf24 - Re: Finally!
. . . specially when you're lazy as me and just search for *boot*.* to find a bootlog and end up with a 500 file picdump of heeled ladies in leather . . . hurhur.
T'was darn funny, though, specially the clients face going ff0000, as he was looking over my shoulder.
A student (tertiary ed, fortunately), put a memory stick into a lecturer's iMac - iPhoto opened up showing some rather explicit personal photos.
You don't need malware if you don't take care of your intimate snaps.
I'm happy to share my goat porn.
"I'm happy to share my goat porn"
You've even gone to the trouble of learning their language
Aha! Now I know how that antique pic of Linda Lovelace giving me shallow throat ended up on Farcebook.
Sounds pretty stupid to me
All you need to do is accidentally infect a pc full of child porn and it will start uploading it to your servers.
Police may not really care too much about you nicking a few people's bank details, but they'll certainly come after you for a server full of kiddy porn. It also has the effect of giving whoever you get it from an 'out'... "My pc is infected with malware which is communicating with a server full of it? Well it must have been put there by the Trojan."
Re: Sounds pretty stupid to me
You never know, that might be what they're hoping for. Regardless, if this thing is n the wild, I'm sure it's already happened.
Any chance of getting the details of the FTP server?
You know for research purposes and err stuff....
Would be money well spent
if the miscreants will sort through the tens of thousands of snaps I've taken and never got around to sifting through. In the days of film I had to think "is this worth a buck?" before pressing the button, now I just think "still most of a terabyte still free".
In fact I'll pay them double if they delete the crappier ones and tag the people!
" but they'll certainly come after you for a server full of kiddy porn"
Unless your either in the BBC or a conservative MP of course
Well, when I think about the quantity of jpegs I have on my systems, and think about the length of time it took to backup to Carbonite on a DSL line, they'll probably have a looooooot of sifting through innocuous pictures of landscapes before finding anything remotely salacious. By which time, you'd think someone would notice their internet running slowly.
Finally, BT saves us with their crap infrastructure!
Although a good trojan would scan the files locally, looking for a higher proportion of pink hues and selectively uploading to reduce the bandwidth requirements and increase the chances of success..
Maybe make an MD5 hash first & check it against a database to avoid getting hundreds of copies of images of "actresses"?
Anon, for obvious reasons, but imagine the Paris Hilton icon
Why not just take it from Facebook
Why not just take it from Facebook?
Help! someone stole my Adult p..........er,,,,,, company`s image folder
The defence is obvious..
...Just convert all your .jpegs to .pngs.
back to the real world...
Although the "trojan-stole-my-porn-collection" scenarios are amusing, have you thought about how many business documents are stored as images? With images of a company letterhead, director's signature and a fax-modem (why do people still use fax?), you could do some quite lucrative fraud. Or merely search the images for company "secrets".
OK, I'll get my coat. A final thought, who's stupid enough to write a trojan to steal porn when there's an internet full of free stuff?