Researchers warn of image-stealing malware

Researchers are warning users following the discovery of a malware infection designed to collect and upload image files to a remote server.

The malware, dubbed PixSteal-A by Sophos researchers, infects Windows PCs and then runs a search for all jpeg and dmp file types. The infected systems then establish a connection to a remote server via FTP and then upload the collected files.

While researchers report that the collection server is hosted in Iraq, the location of the individual controlling the operation is unknown and could be anywhere on the globe.

The aim of the operation is currently unknown and researchers are not yet sure how the attacker plans to use the pilfered images.

Chester Wisniewski, a senior security adviser at Sophos had a simple recommendation to users and administrators looking to prevent their image files from being compromised by the malware: simply disable FTP connections at the firewall level.

Wisniewski noted that because FTP does not use encryption measures when transmitting data, the protocol is outdated and leaves users at risk for attacks such as password and credential theft.

"While that might seem extreme, I suggest to you that you shouldn't allow FTP access to begin with," Wisniewski advised users in a post to the Sophos Naked Security blog.

"FTP should have died a long time ago and you can help. Just refuse to use it."

Though the emergence of sophisticated, targeted attacks has dominated headlines recently, malware growth across all levels and sectors is soaring.

While mobile devices such as Android handsets have grown in popularity with malware writers, Windows PCs remain by far the most heavily targeted systems.