About Sarah
Articles with the tag: favicon
Malware Steganography
Sun, 12 Apr 2015 02:56PM
6 years ago (yikes!) I wrote about image steganography as a concept. At the moment there are a couple of pieces of malware that use steganography, such as Vawtrak (aka Neverquest) and ZeuS, to hide the command and control servers (C&C) or configuration files in images. This means that the malware does not need to contain a static list of C&Cs which will become old quickly, but can just download an innocent looking image from the internet; decode the hidden message and then connect out. The advantages are that the image can be refreshed with C&C data without having to recompile the malware; and the images can be hidden in plain sight; e.g. on legitimate message boards.
Previous blog entries
Blog categories
- Forensics & science (7)
- Homemade arts & crafts (11)
- Rabbits (8)
- Programming (6)
- Miscellaneous (25)
- Recipes (5)
- Reviews (14)
- Digital Forensics & Malware (42)
- Trips & Visits (16)
- Cyber Security & Threat Management (12)
- IT & Computers (7)
- HCI & Design (6)
Blog tags
Skye PNG Itiel Dror text Microsoft Word captcha cybercrime ISACA Woodilee conference music bibliography search terms cloud Demand Five Highland cow sausages unicode cree.py ADS Pentlands Opera 30 Seconds to Mars Firefox favicon page breaks jquery Myxomatosis Brigitte Reusch Snapfish Irari rules web history tags MP3 sharing stew evaluation data flow internet history reference management Windows 7 Belgium confirmation bias Shira camp timezones snob recycle bin sock puppets mobile phones lectures insider fraud stand-up qualitative Asda résumé Mweke Internet Explorer celebrities Machame camp link files magnets
