Hidden malicious scripts on images?

[gelay]

I'm a moderator of a particular forum and I see gradually see some suspicious posts with images. Is it possible that malicious scripts can be concealed inside an image? If yes, is there necessary steps how to detect such?

[SteveW]

I found a few reports about malicious scripts concealed inside images, but it appears possible they're all referring to the same one incident. Here's one of the articles: http://www.pcworld.com/article/133275/innocentlooking_gifs_host_malware_attacks.html

People discussing the incident don't seem to agree about how much of a threat it really is. 

If you download an image to your PC and open it with a text editor like Notepad, you should be able to see if there is PHP code embedded in it. Or you could "type" it in Windows, or "cat" it in Linux:

type someimage.gif
cat someimage.gif

The contents would mostly be garbage, with some plain text mixed in. 

More dangerous would be PHP scripts whose names try to make them look like an image, even though they're really not. Example: image.gif.php

Your forum software probably allows you to limit what file types users can upload.

[ciara1]

Stevew, that's really a technical advice, you have helped thousands of people with the solution you posted.
Am greatly helped, cause i have a victim of such malware for long.
thanx