Hackers will often try to hide malicious code in files with image extensions like “.gif”. Here’s a command line that will help identify suspicious files:
```sh
# The parentheses make -exec apply to all three extensions.
find . \( -name '*.gif' -o -name '*.jpg' -o -name '*.png' \) -exec file {} \; \
  | grep -v 'GIF image data' \
  | grep -v 'PNG image data' \
  | grep -v 'JPEG image data' \
  | grep -v _vti_cnf
```
Not every file returned in this scan is malware. Pay special attention to files of type text. It’s not unusual to see an image file where the file extension does not match the content – so a .png file might actually contain a JPEG file.
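The triage rule above can be scripted so that harmless format mismatches are separated from files that are not images at all. This is an added example, not part of the original post: it reads the leading magic bytes with `od` instead of calling `file`, and the function names and sample file names are constructed for illustration.

```sh
#!/bin/sh
# Added example: triage image-named files by their leading bytes (no libmagic).

# Print gif, png, jpg, text or other for the file in $1.
sniff_type() (
    hex=$(od -An -tx1 -N 8 < "$1" | tr -d ' \n')
    case "$hex" in
        474946383761*|474946383961*) echo gif; exit ;;  # "GIF87a" / "GIF89a"
        89504e470d0a1a0a*)           echo png; exit ;;
        ffd8ff*)                     echo jpg; exit ;;
    esac
    # No image signature: "text" if the first 512 bytes are all printable
    # ASCII or whitespace, otherwise "other" (also used for empty files).
    total=$(head -c 512 < "$1" | wc -c)
    odd=$(head -c 512 < "$1" | LC_ALL=C tr -d '\11\12\15\40-\176' | wc -c)
    if [ "$total" -gt 0 ] && [ "$odd" -eq 0 ]; then echo text; else echo other; fi
)

# Print ok, mismatch:<type> (an image in another format) or SUSPECT:<type>.
verdict() (
    ext=$(printf '%s' "${1##*.}" | tr 'A-Z' 'a-z')
    if [ "$ext" = jpeg ]; then ext=jpg; fi
    real=$(sniff_type "$1")
    case "$real" in
        "$ext")      echo ok ;;
        gif|png|jpg) echo "mismatch:$real" ;;
        *)           echo "SUSPECT:$real" ;;
    esac
)

# List every image-named file under $1 whose verdict is not "ok", skipping
# _vti_cnf directories as the one-liner does. Output is line-based, so a
# file name containing a newline is split across lines.
scan_images() {
    find "${1:-.}" -type f ! -path '*/_vti_cnf/*' \( -iname '*.gif' \
        -o -iname '*.jpg' -o -iname '*.jpeg' -o -iname '*.png' \) -print |
    while IFS= read -r f; do
        v=$(verdict "$f")
        [ "$v" = ok ] || printf '%s\t%s\n' "$v" "$f"
    done
}

# Constructed sample tree: one honest PNG, a JPEG named .png, text named .gif.
make_samples() {
    printf '\211PNG\r\n\032\n' > "$1/logo.png"
    printf '\377\330\377\340'  > "$1/photo.png"
    printf 'not an image, just text\n' > "$1/banner.gif"
}

if [ "$#" -gt 0 ]; then scan_images "$1"; fi
```

Lines marked `mismatch:` are images saved under the wrong extension; lines marked `SUSPECT:text` are the ones to open and read first.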