Bulk cleaning malware-infected JPG EXIF data
We were recently tasked with recovering a third-party website that had been badly attacked by malware and backdoors, to the point that every single JPG image on the site had been infected with malicious blocks inside the EXIF data.
Perhaps an older version of Internet Explorer had an exploit where a payload could be delivered by maliciously crafted JPGs, but that is hardly a threat today.
That aside, we had over 20,000 images to de-infect, and it wasn't practical to open each image in an editor, strip the EXIF tags by hand, and resave it, so we wrote a little script for Linux machines to take care of it.
On Debian-like machines, exiftool can be installed via:
sudo apt-get install libimage-exiftool-perl
Once you have exiftool installed, make a backup of your images, then change directory to your original image directory and execute:
cd public_html/assets/img
exiftool -all= *.jpg
rm *.jpg_original
And boom, exiftool will strip all malicious tags from your images.
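If you need to fix the images recursively:
cd /path/to/public_html
find . -type f -name "*.jpg" -exec exiftool -all= {} \;
# remove the *.jpg_original backups exiftool leaves behind, as in the non-recursive version
find . -type f -name "*.jpg_original" -delete
You should always back up files before recursively altering them.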
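To confirm the strip worked across the whole tree, it helps to have a check that does not rely on exiftool itself. The following is an added example, not part of the original post: a Python sketch (the names metadata_segments and scan_tree are hypothetical) that walks each JPEG's segment structure and reports files still carrying APPn or COM metadata segments. Treating APP0 (JFIF) and APP14 (Adobe) as acceptable is an assumption.

```python
import struct
from pathlib import Path

# Markers that carry no length field: TEM, RST0-RST7, SOI, EOI.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))
# Assumption: APP0 (JFIF) and APP14 (Adobe) affect rendering and are not flagged.
ALLOWED_APP = {0xE0, 0xEE}

def metadata_segments(data):
    """Return [(name, payload_len)] for APPn/COM segments found before the scan data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    found, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF or marker in STANDALONE:
            pos += 1 if marker == 0xFF else 2  # fill byte vs. length-less marker
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        if marker == 0xDA:  # SOS: compressed image data starts here
            break
        if 0xE0 <= marker <= 0xEF and marker not in ALLOWED_APP:
            found.append((f"APP{marker - 0xE0}", length - 2))
        elif marker == 0xFE:
            found.append(("COM", length - 2))
        pos += 2 + length
    return found

def scan_tree(root):
    """Map each .jpg/.jpeg file under root to its leftover metadata segments."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in (".jpg", ".jpeg"):
            try:
                segs = metadata_segments(path.read_bytes())
            except ValueError as exc:  # a .jpg that is not a JPEG is itself a finding
                segs = [("UNPARSEABLE", str(exc))]
            if segs:
                report[str(path)] = segs
    return report

# Constructed samples (segment skeletons, not decodable images).
CLEAN = b"\xff\xd8\xff\xe0\x00\x07JFIF\x00" b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00\x00\xff\xd9"
DIRTY = CLEAN[:11] + b"\xff\xe1\x00\x0cExif\x00\x00TEST" + b"\xff\xfe\x00\x06note" + CLEAN[11:]
```

Calling scan_tree("/path/to/public_html") after the cleanup should return an empty dict; any entry names a file that still needs attention.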