Hi, all.
I've always wondered whether the image results you get from a search engine, such as Google or Yahoo, can infect your computer. Does Google or Yahoo scan these images from other websites before they are cached? Thanks.
Thanks, guys!
Krusty13 is correct that clicking a malicious thumbnail image in the Google Image Search results will cause the browser to send a request to the page where the image resides, and JavaScript on the page will run unless you have blocked scripting in your browser. It is exactly the same thing that would happen if you clicked a regular link in a Google search that happened to direct to a compromised site that was hosting a malware exploit kit.
I don't think there is any reason to be overly concerned about this as long as you are taking the usual precautions you would take when clicking on any link. Restricting which sites can run JavaScript in your browser is always a good idea, no matter what.
My 2¢ - I usually do not click on images in a Google result page. I first check the URL of the involved image/s with https://sitecheck.sucuri.net/ and https://www.virustotal.com/en/. I know, not fast but hopefully safe.....
When I have clicked an image to see it larger, like your second screenshot, I have had MBAM block IP addresses on occasion, so it would appear that just clicking to enlarge the image may be enough to cause grief.
Cheers.
Thanks, SendOfJive.
According to the article you linked to...
- Now, when a user searches for something through the Google image search function, thumbnails of pictures are displayed. Depending on the automatically generated content in step 3), number of links to the web page and other parameters known to Google, the attacker’s page will be shown at a certain position in the results web page. The exploit happens when a user clicks on the thumbnail.
Google now shows a special page that shows the thumbnail in the center of the page, links to the original image (no matter where it is located) on the right and the original web site (the one that contained the image) in the background. This is where the “vulnerability” is.
So, the thumbnails displayed in Sceenshot 1 are not directly linked to the websites they originated from?
Sceenshot 1
What about the larger image and thumbnails on the right in Sceenshot 2? Are they directly linked to the websites they originated from?
I always thought as long as you didn't click either the Visit page or View image button, you'd be fine.
Sceenshot 2
It is unlikely that you can become infected from the images themselves on the search page, unless there is a zero-day exploit somewhere leveraging a software vulnerability in the OS, the browser, or another program that displays images (you would probably quickly see news about such a vulnerability once it was discovered). On a system that is up-to-date, the risk would be low, and the threat would apply to any potentially malicious image you viewed, not just the Google image cache.
Now, the Google Image Search has in fact been used to distribute malware in the past, but the way that works is that a site will be compromised, the bad guys get Google to link to an image on the site, and when you click the image in the Google Search, it takes you to the hacked site where scripts are used in an attempt to infect your PC. So, it isn't the image itself that delivers the malware, it is the site you land on when you click the image. Using something like NoScript in Firefox will block the scripts and prevent the attack.
It has been several years since there was a large number of such Google Image-based attacks, so one assumes that Google is now doing a better job of screening for malicious links.