PHP exploit code found on image-hosting site

Security researchers have found PHP exploit code embedded in a GIF on a major image-hosting site. The exploit code slipped through the site’s defences with the aid of a legitimate image at the beginning of the file, according to a blog post on the Sans Institute’s Internet Storm Center. “It is a clever way to pass exploit code to others without it setting off alarms or attracting attention, all [the] while bypassing network security tools,” the blog noted.

Malicious attackers planted PHP-coded exploit script within an image file. PHP is often used as a programming language to create dynamic websites.

Once this type of malicious GIF is uploaded to a server, it can cause havoc by remotely allowing more exploits to be deployed on the system, said Johannes Ullrich, chief research officer for the Sans Institute.

When users download the image to view it, the server parses the PHP code and the exploit is executed, as it serves the image to the user.

Over the past six months, this type of technique has been occurring with increasing frequency, Ullrich said.