Dozens of porn sites are turning to a familiar source to generate likes on Facebook: malware that causes browsers to surreptitiously endorse the sites. This time, the sites are using a newer vehicle for sowing this malware: .svg image files.
The Scalable Vector Graphics format is an open standard for rendering two-dimensional graphics. Unlike more common formats such as .jpg or .png, .svg uses XML-based text to specify how the image should appear, allowing files to be resized without losing quality due to pixelation. But therein lies the rub: The text in these files can incorporate HTML and JavaScript, and that, in turn, opens the risk of them being abused for a range of attacks, including cross-site scripting, HTML injection, and denial of service.
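An added example, not from the original article: a small Python check that flags the constructs described above (script, embedded HTML, entity declarations) in an .svg file before it is served or opened. The function names, tag lists and sample documents are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Elements that carry script or embedded HTML (illustrative list, not exhaustive).
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "embed", "object"}
URL_ATTRS = {"href", "src"}

def local(name):
    """Strip an XML namespace: '{ns}script' -> 'script'."""
    return name.rsplit("}", 1)[-1]

def audit_svg(text):
    """Return a sorted list of findings for active content in an SVG document."""
    # Entity declarations enable expansion-based denial of service, so refuse
    # to parse. This is strict: older SVG 1.1 files with a DOCTYPE are rejected.
    if re.search(r"<!(DOCTYPE|ENTITY)", text, re.IGNORECASE):
        return ["dtd-or-entity-declaration"]
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return ["malformed-xml"]
    findings = set()
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.add(f"element:{tag}")
        for attr, value in el.attrib.items():
            name = local(attr).lower()
            if name.startswith("on"):  # onload, onclick, ...
                findings.add(f"event-handler:{name}")
            # Normalise whitespace and control characters before checking the scheme.
            scheme = re.sub(r"[\s\x00-\x1f]", "", value).lower()
            if name in URL_ATTRS and scheme.startswith(("javascript:", "data:text/html")):
                findings.add(f"script-url:{name}")
    return sorted(findings)

# Constructed sample documents.
CLEAN = '<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'
SCRIPTED = '''<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">
  <script>/* constructed placeholder */</script>
  <a xlink:href=" javascript:void(0)"><rect width="5" height="5"/></a>
  <foreignObject><div xmlns="http://www.w3.org/1999/xhtml">html</div></foreignObject>
</svg>'''
ENTITY = '<!DOCTYPE svg [<!ENTITY a "x">]><svg xmlns="http://www.w3.org/2000/svg">&a;</svg>'

if __name__ == "__main__":
    for label, doc in (("clean", CLEAN), ("scripted", SCRIPTED), ("entity", ENTITY)):
        print(label, audit_svg(doc))
```

An empty result only means none of these specific constructs were found; for untrusted uploads, serving the file with a restrictive Content-Security-Policy or re-rendering it to a raster format remains the stronger control.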