Botnet buries commands in image files
Stego backdoor hub
Security researchers have identified a botnet that borrows an idea from steganography by burying commands in what appear to be JPEG images.
The DlKhora botnet, which is primarily geared towards downloading other strains of malware, encodes instructions so that the command and control server appears to be serving up image files, SecureWorks reports.
The server sets the HTTP Content-Type header to "image/jpeg" and prefaces the bot commands with a fake 32-byte JPEG header. The bot checks that the header matches and then decodes the rest of the response to retrieve its commands. The commands are encoded with a single-byte XOR using the key 0x4.
The botnet makes no attempt to pad the responses so that they resemble genuine image files, which makes the servers used by DlKhora easy to single out for detection. The malware installed by the botnet agent, as identified by SecureWorks to date, largely consists of ad-hijacking nuisances.
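The two observations above, a response that claims to be image/jpeg but does not parse as a JPEG, and a command body behind a fake header that is only XORed with one byte, are exactly what an analyst can check for. The following is an added example, not code from the article or from SecureWorks: it walks the JPEG marker structure to decide whether a body is a real image, and, for bodies that are not, tries all 256 single-byte XOR keys and keeps the one that yields readable command text. The fake header bytes, the command line and the hostname example.invalid are constructed placeholders; the real 32-byte header is not reproduced here.

```python
"""Triage of HTTP responses that claim to be JPEGs.

Added example, not code from the article or from SecureWorks. A genuine
JPEG is a sequence of marker segments; a body that merely wears a fake
header is not, and a command body behind such a header that is XORed with
a single byte can be recovered by trying all 256 keys. The fake header,
the command text and the hostname below are constructed for the demo.
"""

SOI = b"\xff\xd8"          # Start Of Image: every JPEG begins with these two bytes
EOI_MARKER = 0xD9          # End Of Image
SOS_MARKER = 0xDA          # Start Of Scan: entropy-coded data follows
FAKE_HEADER_LEN = 32       # per the article, commands follow a fake 32-byte header

# Bytes an analyst expects in command text: letters, digits, space, newline, URL punctuation.
TEXT_BYTES = frozenset(
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 \n.:/-_"
)


def is_structurally_valid_jpeg(data: bytes) -> bool:
    """Walk the marker segments; a genuine file reaches SOS (ending in EOI) or EOI cleanly."""
    if len(data) < 4 or not data.startswith(SOI):
        return False
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return False                       # every segment starts with 0xFF
        marker = data[pos + 1]
        if marker == 0xFF:                     # fill byte, permitted before a marker
            pos += 1
            continue
        if marker == EOI_MARKER:
            return True
        if marker == SOS_MARKER:
            return data.endswith(bytes([0xFF, EOI_MARKER]))
        if marker == 0x01 or 0xD0 <= marker <= 0xD8:   # TEM, RSTn, SOI: no length field
            pos += 2
            continue
        if pos + 4 > len(data):
            return False
        seg_len = int.from_bytes(data[pos + 2:pos + 4], "big")  # length counts its own 2 bytes
        if seg_len < 2 or pos + 2 + seg_len > len(data):
            return False
        pos += 2 + seg_len
    return False


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR; the same operation encodes and decodes."""
    return bytes(b ^ key for b in data)


def text_ratio(data: bytes) -> float:
    """Fraction of bytes that look like command text."""
    if not data:
        return 0.0
    return sum(b in TEXT_BYTES for b in data) / len(data)


def recover_single_byte_xor(data: bytes) -> tuple[int, bytes]:
    """Try every key 0x00..0xFF and keep the one whose output looks most like text."""
    best_key = max(range(256), key=lambda k: text_ratio(xor_bytes(data, k)))
    return best_key, xor_bytes(data, best_key)


def triage(content_type: str, body: bytes) -> dict:
    """Classify one captured response; returns fields a detection rule or test can check."""
    claims_jpeg = content_type.split(";")[0].strip().lower() == "image/jpeg"
    valid_jpeg = is_structurally_valid_jpeg(body)
    result = {
        "claims_jpeg": claims_jpeg,
        "valid_jpeg": valid_jpeg,
        "suspicious": claims_jpeg and not valid_jpeg,   # says JPEG, is not one
        "key": None,
        "decoded": None,
    }
    # Only a body that is not a real image is worth running the key recovery on.
    if result["suspicious"] and len(body) > FAKE_HEADER_LEN:
        key, decoded = recover_single_byte_xor(body[FAKE_HEADER_LEN:])
        if text_ratio(decoded) >= 0.9:
            result["key"], result["decoded"] = key, decoded
    return result


# Constructed samples (not captured traffic).
GENUINE_JPEG = (
    b"\xff\xd8"                                                        # SOI
    b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"    # APP0/JFIF, length 16
    b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00"                        # SOS, length 8
    b"\x12\x34\x56"                                                    # (truncated) scan data
    b"\xff\xd9"                                                        # EOI
)
FAKE_HEADER = b"\xff\xd8" + b"\x00" * 30     # placeholder standing in for the fake 32-byte header
SAMPLE_COMMANDS = b"DOWNLOAD http://example.invalid/payload.bin\n"  # constructed command line
FAKE_RESPONSE_BODY = FAKE_HEADER + xor_bytes(SAMPLE_COMMANDS, 0x04)

if __name__ == "__main__":
    for label, body in (("genuine", GENUINE_JPEG), ("fake", FAKE_RESPONSE_BODY)):
        print(label, triage("image/jpeg", body))
```

The structural walk is deliberately stricter than a browser's image decoder: a proxy or IDS rule built on it flags any image/jpeg response whose segments do not chain to a Start Of Scan, which is precisely the property the article says these servers lack. The key recovery is a forensic aid for an analyst reviewing flagged captures, and it only runs once the body has already failed the JPEG check.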
Hackers need a method for passing instructions to the Trojans on compromised machines that form part of zombie (botnet) networks. IRC channels used to be the preferred venue for command and control, but this has recently changed, with miscreants experimenting with alternative control channels such as Google Groups, Twitter and now "image" servers.
How to find a necessary image in the Flow? It's damn easy.
Order the images from a page to resize in your sandbox before they've gone loose into your OS. If you can't make one, why not ask any of the handful of your friends?
Images that refuse to resize are the ones you need/don't need at all/always wanted to ask about but are ashamed to.
But here we come closer to the problem of putting to/removing the pic msgs from the Primary sources right after they are confirmed as received and recognised/crispy chewy consumed. But this part of the job must better be executed on a... right, diskless station having an "Unrecognised net card". Ask your friends how to find/install it. Well, true citizens usually address GCHQ/KGB/NSA/ETC with similar questions. But don't you ever forget that we are the One Nation; well, looks like not everybody just knows it.
Geese, I'm not a kind of a computer geek myself, and I'm telling IT to the readers of IMO the best computer geeks' mag. Do you hear a hiss? Sssend mme mmucch mmuny ffor the adviccce, mmy preciousss.
I agree, not stego.
I want to write a bot that uses true stego, like knows where to find the original image (from some Google page or an image hosting site) and then keeps its data stored, like in the sample pictures of the computer or something. I think that would be a cool bot.
Obfuscation. Not stego at all. For this to be stego it would have to *actually* be a real image file, not just a bunch of text with a fake header slapped on the front.
And fairly trivial obfuscation at that.