Need help sorting out how to use 23? Or have you discovered one of those nasty bugs?

Huh?

Kilessan   May 01, 2012, 07:40 AM

Hi,

pardon me for starting a public conversation on this, but I just received a notification for a new thread in the help group apparently involving one of my photos. It seems someone's antivirus software flagged a jpeg as malware? However, I do not usually give access to the original pictures, so the 'infected' images were resized versions (i.e., resized by 23)... and the original was more or less straight out of my raw converter. Someone seems to have done something, though: in my photo stream, the corresponding image's thumbnail briefly looked broken (perhaps the image was blocked briefly).

Now everything seems to be fine again, and the conversation in question even seems to have been deleted. So, should I worry about anything? As far as I can tell, my computer is malware-free, and I make a point of my uploaded content being 'clean' both with regard to the files and their content, anyway.

Regards,

 
Steffen Tiedemann Christensen Team 23   May 01, 2012, 08:02 AM

Hi Robert,

I deleted the conversation because it had a nature of spam (mentioning product names, including links) -- so that's one question answered. And then you're absolutely right that the reference to a problem mentions a rescaled photos, meaning that we're talking about a straight JPEG image. And yes, I would worry about your computer being malware-free in this context.

Steffen

 
Kilessan   May 01, 2012, 08:14 AM

At least I scan regularly with different tools, yet the last incident has been several years ago. So I assume everything should be all right at this end. Thank you for the info.

Regards,
Robert

 
mate-fotos   May 01, 2012, 08:49 AM

@Steffen: It was not my intention to spread spam. I just wanted to point to a safety problem. I will not mention any product names in the future. Sorry...

@Robert: Currently, the problem still exists ... Why didn't you erase the image and upload a new version of it again?
I hope your computer is really malware-free, but I fear he isn't.

Martin

 
Kilessan   May 01, 2012, 09:28 AM

What I was trying to point out is this: the images you linked to are resized versions. In other words: these images are generated by the 23hq.com server, not by me. You simply do not have access to the original image. Furthermore, all images in the album (16 in total) have been converted in a timespan of under an hour, on the same machine and using the same software.

So, at the moment I see two possibilities. First possibility: I have indeed malware on my computer which (1) has not been found by regular scans using three different scanning tools, which (2) has infected 1 but not the other 15 images I uploaded during the same session, and which (3) produces an "infection" in a JPEG (which is not an executable file anyway) that (4) furthermore survives the automatic rescaling/conversion process performed by the 23 server. In this case, simply re-uploading the file like you suggested would not work anyway.

The second possibility would be: the detection heuristic of your antivirus software simply produced a false alarm. This happens and BTW is a significantly simpler explanation, since it involves only one variable, not 4 or more like the other. I will re-check my machine this evening, but at this moment I am (following Occam's razor) tending towards explanation #1.

Regards,
Robert

PS: you could consider forwarding the image link(s) in question to the manufacturer of your security software. They will (hopefully) be able to tell whether it is a false alarm or not (and if it is, adjust their detection algorithm accordingly).

 
Kilessan   May 01, 2012, 10:23 AM

Final (at least for me) note: it _is_ a false positive. I just ran the 'large' resized version through virustotal.com. It shows indeed a detection of "Exploit/MS05-036.gen", but exactly from 1 out of the 42(!) tested scanners.

https://www.virustotal.com/file/27858e3740e2b9e09f277f3e31e9385cadbdbff71971662bc678f5b2bb68d01c/analysis/

Then I checked the original file. Downloaded from 23hq.com using a Linux machine, then uploaded to virustotal.com And guess what? 0 (zero) hits. ;)

https://www.virustotal.com/file/ee3a41420fe38875fee7b8deae26be1ac824d08f29d7b1497847f6a180654f0a/analysis/

So this really appears to be glitch in your security software.

Regards,
Robert

 
mate-fotos   May 01, 2012, 12:31 PM

Thank you for the work you've done and apologize for the circumstances which I have prepared for you.
It actually seems to be a fault in my security software.

Regards
Martin

 
Kilessan   May 01, 2012, 06:10 PM

Martin,

it's really no problem. Better be safe than sorry, especially when data security is concerned. If anything you have caused to re-check my system in extra-paranoid mode, which is also not necessarily a bad thing. ;)

Regards,
Robert

 
To participate in this conversation, you'll need to join the group




About 23

About 23
What is 23 and who's behind the service?
Just In
Discover the world from a different angle.
Here's a crop of the latest photos from the around the world.
Search
Search photos from users using 23
Help / Discussion
Get help or share your ideas to make 23 better
23 Blog / 23 on Twitter
Messages and observations from Team 23
Terms of use
What can 23 be used for and what isn't allowed
More services from 23
We also help people use photo sharing in their professional lives
RSS Feed
Subscribe to these photos in an RSS reader
  • Basque (ES)
  • Bulgarian (BG)
  • Chinese (CN)
  • Chinese (TW)
  • Danish (DK)
  • Dutch (NL)
  • English (US)
  • French (FR)
  • Galician (ES)
  • German (DE)
  • Italian (IT)
  • Norwegian (NO)
  • Polish (PL)
  • Portuguese (PT)
  • Russian (RU)
  • Spanish (ES)
  • Swedish (SE)

Popular photos right now

See also