Hacked.gif: The Hidden Dangers of Malware in Website Images

February 10, 2014 in Malware

For your company’s brand, sometimes image is everything. And how better to establish your brand’s image than through the images on your website? The images you use on your website and social media accounts have to be chosen carefully.

You need to choose images that support the content you’re publishing and the message you’re promoting. You need to choose images that are appropriate for your audiences because you don’t want to offend anyone. And of course you need to choose images that you have permission to use. Using unlicensed images can cost you thousands of dollars in fines, even if they were put on your website years ago by a third-party web designer.

Images Impact Page Load Time

Did you know that the images you choose can also impact the functionality and even the security of your website? How many times have you visited a website and for some strange reason the images on the website seem to take forever to load? The reason is not that strange. Sometimes a web designer will forget to reduce the size of the image to something that is more appropriate for a fast-loading website. The result is an image file that’s so large, it can take what seems to be forever to load.

And the longer a page takes to load, the worse it can be for your business. Apart from the fact that your website visitors might just get irritated and leave your site, pages that are slow to respond could also cause you problems with the major search engines. Slow-loading pages can have an impact on search engine ranking. The search engines depend on satisfied surfers who will use their search engine again and again, and poor results can impact that. So as punishment the search engines may not show your website at all. But that’s not the only risk images can present.

Hidden Malware in Images

In their relentless pursuit of the next vulnerability to exploit, hackers have found a way to embed malware in the code that images are made of. For years, hackers and spammers have been renaming their files to end with .jpg, .tif, or .png so that when they emailed malware to their targets, the recipients assumed they were receiving image files and therefore were safe to open. The bad guys used to package their malware in .doc or .zip files, but as users became more wary of opening such files, the hackers had to get even more creative.

But last year, researchers found that hackers had devised a clever way of hiding malware inside jpeg images. The researchers identified an attack where the hackers would first try to breach the security of a website in order to install their malware, and then hide the malware inside an image where it couldn’t be detected by malware scanners.
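A defender can check both tricks described above from the file bytes alone: whether a file's content matches the image type its name claims, and whether anything that is not image data is riding along inside it. The sketch below is an added example, not code from the article or from SiteLock; the function name, the marker list and the sample bytes are assumptions constructed for illustration, and the check is a heuristic rather than a replacement for a malware scanner.

```python
from pathlib import Path

# File signatures for the image types named above, plus GIF.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
    ".tif": (b"II*\x00", b"MM\x00*"),
}
# Assumed marker list (not from the article): text that should not appear in image bytes.
SUSPICIOUS = (b"<?php", b"<script", b"eval(", b"base64_decode")


def inspect_image(name, data):
    """Return a list of findings for one file; an empty list means nothing was flagged."""
    ext = Path(name).suffix.lower()
    if ext not in MAGIC:
        return ["unrecognised image extension " + repr(ext)]
    findings = []
    if not data.startswith(MAGIC[ext]):
        findings.append("content does not match " + ext + " signature")
    lowered = data.lower()
    for marker in SUSPICIOUS:
        if marker in lowered:
            findings.append("embedded marker " + marker.decode())
    if ext in (".jpg", ".jpeg"):
        end = data.rfind(b"\xff\xd9")  # last end-of-image marker
        if end == -1:
            findings.append("no JPEG end-of-image marker")
        elif end + 2 < len(data):
            findings.append(str(len(data) - end - 2) + " bytes after JPEG end-of-image marker")
    return findings


# Constructed sample inputs (harmless placeholders, not real samples).
CLEAN = b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9"
RENAMED = b"PK\x03\x04" + b"\x00" * 20            # archive bytes saved as .jpg
EMBEDDED = b"\xff\xd8\xff\xe1<?php /* placeholder */ ?>\xff\xd9"
TRAILING = CLEAN + b"EXTRA"

if __name__ == "__main__":
    for name, data in [("logo.jpg", CLEAN), ("invoice.jpg", RENAMED),
                       ("header.jpg", EMBEDDED), ("banner.jpg", TRAILING)]:
        print(name, inspect_image(name, data) or "ok")
```

Some legitimate JPEGs carry padding after the end-of-image marker, so treat that finding as a prompt to look closer, not as proof of tampering.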

And those are not the only tricks hackers have up their sleeves. On many websites, images can include links so that clicking on the image will take the user to a related page or website. Hackers can change the code in that link so that visitors are guided to a page that looks similar to the one you had originally linked to but instead tricks the visitor into downloading malware or revealing sensitive information. This kind of attack was discovered almost a decade ago so you can bet it’s advanced pretty far since then.

That’s why it’s so important not to take your website images for granted. They can slow down page loading speeds, irritate customers, and cost you sales. Worse than that, they can make your website a security minefield for the customers you rely on to survive.

How To Reduce Your Risk

  • Talk to your web designers and make sure they’re aware of the risks and taking steps to reduce them.
  • Reduce all website images to the smallest size or dimensions you actually need or can get away with. After optimizing the file size of all your images, look into utilizing a Content Delivery Network (CDN) to further accelerate page load times.
  • Control access to your image libraries so that hackers can’t alter the images for malicious purposes.
  • Make sure all the images you use are appropriate, represent your brand and business the way you want, and are appropriately licensed. Remember, just because someone in your business or who works for you gave you the images doesn’t mean they or you have a right to use them.
  • Once loaded on your web pages, check your images regularly to make sure that any links in them go where they’re supposed to.
  • Malware in images can’t launch on its own–it needs code in a text file to activate it. Set up a website scanner to monitor your website text files for known malware strains.
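The regular link check recommended in the list above can be automated by comparing each linked image on a page against a recorded baseline of where it is supposed to point. This is an added example, not code from the article or from SiteLock; the class and function names, the baseline format and the sample page (using reserved example domains) are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class ImageLinkCollector(HTMLParser):
    """Collect (image src, enclosing link href) pairs from a page."""

    def __init__(self):
        super().__init__()
        self._hrefs = []  # stack of hrefs for the <a> elements currently open
        self.pairs = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self._hrefs.append(attrs.get("href") or "")
        elif tag == "img" and self._hrefs:
            self.pairs.append((attrs.get("src") or "", self._hrefs[-1]))

    def handle_endtag(self, tag):
        if tag == "a" and self._hrefs:
            self._hrefs.pop()


def audit_image_links(html, approved):
    """Return (src, href, reason) for each linked image that departs from the baseline."""
    collector = ImageLinkCollector()
    collector.feed(html)
    problems = []
    for src, href in collector.pairs:
        expected = approved.get(src)
        if expected is None:
            problems.append((src, href, "image link not in baseline"))
        elif href != expected:
            same_host = urlsplit(href).hostname == urlsplit(expected).hostname
            problems.append((src, href, "path changed" if same_host else "host changed"))
    return problems


# Constructed baseline and page; the second link points at a different host.
APPROVED = {"/img/banner.gif": "https://shop.example.com/sale",
            "/img/account.png": "https://shop.example.com/login"}
PAGE = """
<a href="https://shop.example.com/sale"><img src="/img/banner.gif"></a>
<a href="https://shop.example.net/login"><img src="/img/account.png"></a>
<a href="https://shop.example.com/new"><img src="/img/promo.jpg"></a>
<img src="/img/logo.png">
"""

if __name__ == "__main__":
    for problem in audit_image_links(PAGE, APPROVED):
        print(problem)
```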

Sometimes it’s the stuff we never think of that can cause us the most harm. Images on a website are for more than just breaking up text. And if you plan to use them to promote your business and goals, you can bet hackers and malware authors will try to do the same. Don’t wait until a crisis strikes: equip your site with the latest in malware detection, remediation, and prevention technology.

Google Author: Neal O’Farrell
