Security researchers have identified a botnet that borrows an idea from steganography by burying commands in jpg images. The DlKhora botnet, which is primarily geared towards downloading other strains of malware, encodes instructions so that the command and control server appears to be serving up image files, SecureWorks …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Thursday 1st October 2009 10:22 GMT Tom_

Another partial success

It seems a bit strange to do this without hiding the data in actual images.

0 0
Thursday 1st October 2009 10:54 GMT Anonymous Coward

@Tom

the filter that tries to block bot communication does not look at the actual image. At least not yet.

0 0
Thursday 1st October 2009 12:31 GMT Anonymous Coward

steganographic malware botnet

What computer Operating System does this steganography malware botnet run on?

0 0
Thursday 1st October 2009 12:31 GMT Frumious Bandersnatch

steganography?

Will the Register have an exciting follow up where a malware author uses "advanced stegonography" by putting the commands in a Jpeg/PNG/GIF comment section with a "sophisticated self-identification mechanism" (ie, a "start-of-message" indicator at the start, and an "end of messsage" indicator along with a checksum at the end). When you do get around to writing that article, don't forget to mention that the message contents are "encrypted" with a "variable key" (stored right after the start of message indicator, and used to XOR the command data, natch).

0 0
Thursday 1st October 2009 14:42 GMT Anonymous Coward

Not stego.

Obfuscation. Not stego at all. For this to be stego it would have to *actually* be a real image file, not just a bunch of text with a fake header slapped on the front.

And fairly trivial obfuscation at that.

0 0
Thursday 1st October 2009 23:14 GMT Carter Cole

i agree not stego

i want to write a bot that uses true steggo like knows where to find the original image (from some google page or a image hosting site) and then keeps its data stored like in the sample pictures of the computer or something i think that would be a cool bot.

0 0
Friday 2nd October 2009 09:07 GMT 3BEPOTEKCT

Ffloww!

Howto find a necessary image in the Flow? It's Damn easy.

Order the images from a page resize in your sandbox before they've gone loose into your OS. If you can't make one, why not to ask any from the handful of your friends?

Images that refuse to resize are the ones you need/don't need at all/always wanted to ask about but are ashame to.

But here we come closer to the problem ofputting to/removing the pic msgs from the Primary sources right after they are confirmed as received and recognised/crispy chewy consumed. But this part of the job must better be executed on a... right, diskless station having an "Unrecognised net card". Ask your friends howto find/install it. Well, true citizen usually address GCHQ/KGB/NSA/ETC with similar questions. But don't you ever forget that we are the One Nation; well, looks like not everybody just knows it.

Geese, I'm not a kind of a computer geek myself, and I'm telling IT to the readers of IMO the best computer geeks' mag. Do you hear a hiss? Sssend mme mmucch mmuny ffor the adviccce, mmy preciousss.

73

0 0