Wikipedia
Gifar

Graphics Interchange Format Java Archives (GIFAR) is malware that allows an attacker to piggyback off the victim’s HTTP cookies. A GIFAR is a photo that can "borrow" a victim's online credentials, possibly taking over the web user's session.

GIFAR is a Graphics Interchange Format (GIF) image file combined with a JAR file. Altered GIF files can be uploaded to Web sites that allow image hosting, and run code that works inside that site.

In this attack, GIF Java archive files (GIFARs) run code in the browser of anyone viewing (opening) such a file. This method gets around the browser-imposed "same-origin policy" and bypasses the usual content validation. Attackers reference this malicious image in the applet code on the hosted site, establishing cross-domain communication with the target domain. The GIFAR exploit has been demonstrated as an effective attack against Web applications such as Facebook.

This technique works because GIF images store their header at the beginning of the file, while JAR (ZIP) files store their data at the end. Other file type combinations, such as .doc, .jpg, etc., host the same general class of vulnerabilities.

GIFAR is not executable code that gets run when you view an image. For the attack to work, the victim must be logged into the Web site that is hosting the image. Any site that includes login sessions with user-uploaded pictures can be vulnerable.
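The file layout described above suggests a check for sites that accept image uploads. The following is an added example, not part of the original article: it flags any upload that has a GIF header at the start and a ZIP end record at the end. The function names and the sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")
EOCD_SIG = b"PK\x05\x06"   # ZIP end-of-central-directory signature
EOCD_LEN = 22              # fixed-size part of that record
MAX_COMMENT = 0xFFFF       # an archive comment may follow the record


def find_zip_trailer(data: bytes):
    """Return the offset of a ZIP end record that closes the file, or None."""
    start = max(0, len(data) - EOCD_LEN - MAX_COMMENT)
    pos = data.rfind(EOCD_SIG, start)
    while pos != -1:
        if pos + EOCD_LEN <= len(data):
            comment_len = struct.unpack_from("<H", data, pos + 20)[0]
            # A genuine record plus its comment ends exactly at end of file.
            if pos + EOCD_LEN + comment_len == len(data):
                return pos
        pos = data.rfind(EOCD_SIG, start, pos)
    return None


def inspect_upload(data: bytes) -> dict:
    """Report whether an upload is both a GIF and a ZIP/JAR container."""
    is_gif = data[:6] in GIF_MAGICS
    trailer = find_zip_trailer(data)
    members = []
    if trailer is not None:
        try:
            # zipfile tolerates data prepended before the archive.
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            pass
    return {"gif_header": is_gif, "zip_trailer": trailer is not None,
            "members": members, "reject": is_gif and trailer is not None}


def constructed_samples():
    """Constructed test inputs: a minimal GIF, and the same GIF plus a ZIP."""
    gif = b"GIF89a" + bytes([1, 0, 1, 0, 0, 0, 0]) + b";"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("placeholder.txt", "constructed test member")
    return gif, gif + buf.getvalue()
```
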