6 years ago (yikes!) I wrote about image steganography as a concept. At the moment there are a couple of pieces of malware that use steganography, such as Vawtrak (aka Neverquest) and ZeuS, to hide the command and control servers (C&C) or configuration files in images. This means that the malware does not need to contain a static list of C&Cs which will become old quickly, but can just download an innocent looking image from the internet; decode the hidden message and then connect out. The advantages are that the image can be refreshed with C&C data without having to recompile the malware; and the images can be hidden in plain sight; e.g. on legitimate message boards.
Steganography is the art of hiding something in something else in plain sight. Usually images or text are hidden within other images or sound files. For example, in the image below of trees there is an image of a cat hidden inside it. Wikipedia explains that for each component of each RGB value, if you take just the last 2 bits of it and then turn the brightness up 85%, you get a picture of the cat. The whole point is so the image of the trees looks identical to an image of the trees without an image hidden inside to the human eye.
doppelgangers New Scientist Deterrence Theory backup programming Asda tea Ben Nevis File tunnelling Irari rules Post Secret music Karanga camp SQLAlchemy counting microsoft edge Sainsbury's Google etiquette Machame camp foreman data flow St Nicholas altitude sickness pyjamas Pentlands Geocities AJAX O2 Barcelona iMessage page breaks MP3 sharing cybercrime ACPO jquery bacon walks Snapfish sophisticated cyber attack digital forensics risk Data Protection Act kill chain fingerprints tags IE Number One holiday favourites Turkey encryption mentoring self deletion Vista Demand Five snob Shira camp 30 Seconds to Mars web usability