I published the following diary on isc.sans.org: “Malicious SVG Files in the Wild“.
In November 2016, the Facebook messenger application was used to deliver malicious SVG files to people . SVG files (or “Scalable Vector Graphics”) are vector images that can be displayed in most modern browsers (natively or via a specific plugin). More precisely, Internet Explorer 9 supports the basic SVG feature sets and IE10 extended the support by adding SVG 1.1 support. In the Microsoft Windows operating system, SVG files are handled by Internet Explorer by default… [Read more]