Security researchers have identified a botnet that borrows an idea from steganography by burying commands in jpg images. The DlKhora botnet, which is primarily geared towards downloading other strains of malware, encodes instructions so that the command and control server appears to be serving up image files, SecureWorks reports …
Another partial success
It seems a bit strange to do this without hiding the data in actual images.
the filter that tries to block bot communication does not look at the actual image. At least not yet.
steganographic malware botnet
What computer Operating System does this steganography malware botnet run on?
Will the Register have an exciting follow up where a malware author uses "advanced stegonography" by putting the commands in a Jpeg/PNG/GIF comment section with a "sophisticated self-identification mechanism" (ie, a "start-of-message" indicator at the start, and an "end of messsage" indicator along with a checksum at the end). When you do get around to writing that article, don't forget to mention that the message contents are "encrypted" with a "variable key" (stored right after the start of message indicator, and used to XOR the command data, natch).
Obfuscation. Not stego at all. For this to be stego it would have to *actually* be a real image file, not just a bunch of text with a fake header slapped on the front.
And fairly trivial obfuscation at that.
i agree not stego
i want to write a bot that uses true steggo like knows where to find the original image (from some google page or a image hosting site) and then keeps its data stored like in the sample pictures of the computer or something i think that would be a cool bot.
Howto find a necessary image in the Flow? It's Damn easy.
Order the images from a page resize in your sandbox before they've gone loose into your OS. If you can't make one, why not to ask any from the handful of your friends?
Images that refuse to resize are the ones you need/don't need at all/always wanted to ask about but are ashame to.
But here we come closer to the problem ofputting to/removing the pic msgs from the Primary sources right after they are confirmed as received and recognised/crispy chewy consumed. But this part of the job must better be executed on a... right, diskless station having an "Unrecognised net card". Ask your friends howto find/install it. Well, true citizen usually address GCHQ/KGB/NSA/ETC with similar questions. But don't you ever forget that we are the One Nation; well, looks like not everybody just knows it.
Geese, I'm not a kind of a computer geek myself, and I'm telling IT to the readers of IMO the best computer geeks' mag. Do you hear a hiss? Sssend mme mmucch mmuny ffor the adviccce, mmy preciousss.
- iPad? More like iFAD: This is why Apple ran off to IBM
- +Analysis Microsoft: We're making ONE TRUE WINDOWS to rule us all
- Climate: 'An excuse for tax hikes', scientists 'don't know what they're talking about'
- Analysis Nadella: Apps must run on ALL WINDOWS – PCs, slabs and mobes
- Major problems beset UK ISP filth filters: But it's OK, nobody uses them