Newly-found hybrid attack embeds Java applet in GIF file

Researchers at NGSSoftware have developed a hybrid attack capable of hiding itself within an image and intend to present details on the exploit at the Black Hat security conference next week. New and esoteric attacks are part and parcel of what Black Hat is about, but this particular vector could target web sites with a particularly vulnerable population: MySpace and Facebook. Social networking web sites tend to attract younger users, and while this particular attack can be used in a variety of ways, embedding the hook in profile photos that are then seeded and targeted at the teen crowd could be a very effective tactic.