Hackers hijack websites by uploading photos

It was only last week that we reported how ImageMagick, a popular library for image processing on websites, contained a vulnerability leaving countless web domains open to exploit.

It didn't take long, but cyberattackers have jumped on the flaw and have already begun upgrading exploit kits and developing new code to compromise websites -- and therefore reach your devices.

ImageMagick is a critical image processing library used by many websites which support image processing and bulk uploading.

The open-source software acts as the supporting infrastructure for a number of processing plugins -- including PHP's imagick, Ruby's rmagick, paperclip and node.js's imagemagick.

As content sharing online became ever more popular, these systems now provide a critical service for many web domains.

Recently, researchers discovered a flaw in the system, CVE-2016-3714, which if exploited through the upload of malicious images, leads to remote code execution and hijacked domains, malware distribution and information leaks.

Proof-of-concept (PoC) examples have been released.

According to researchers at CloudFlare, the flaw -- dubbed by some as "ImageTragick" -- is being actively exploited to attack websites.

There are a number of different exploit kits and scripts which are now implementing CVE-2016-3714, but the worst of which so far implements the Python scripting language. The researchers say:

"The parameters to the program are the IP address and port of a machine to contact. The python code connects to that machine and makes a shell available on the web server to the attacker. At that point the attacker can interact directly with the web server.

With a single exploit they can get remote access and then proceed to further hack the vulnerable Web server at their leisure."

Researchers from Securi have also witnessed cyberattackers using the vulnerability to launch attacks against specific targets with malicious code disguised as benevolent .JPG images.

Although it is not yet known if any of the attacks against websites using ImageMagick have been successful, considering how quickly the vulnerability has been exploited and how wide-ranging ImageMagick's use in websites is, it is likely -- placing not only websites, but users visiting these domains at risk of exposure.

Webmasters using ImageMagick should update their software to the latest release as quickly as possible.

Security

Do you need antivirus on Linux?

6 ways to protect yourself from getting scammed online, by phone, or IRL

The best VPN free trials for 2024

8 habits of highly secure remote workers

How to find and remove spyware from your phone

• Do you need antivirus on Linux?
• 6 ways to protect yourself from getting scammed online, by phone, or IRL
• The best VPN free trials for 2024
• 8 habits of highly secure remote workers
• How to find and remove spyware from your phone

10 things you didn't know about the Dark Web

Read on: Top picks

• Apple goes server-side to fix Siri lock screen bypass security flaw
• Bug bounties: Which companies offer researchers cash?
• Cyberattackers botch integration of Adobe Flash zero-day vulnerability in exploit kits
• Meet the company which wants to stop pirates using the Web until they pay up