Saturday, September 3, 2011

Malware hides stolen data in images

U.S. security researchers have discovered a new type of malware that uses social networks in order to "phone home."

Modern malware is a real nuisance for PC users: once it has settled onto a computer, it can, for example, store and read along with e-mail passwords, credit card numbers or bank account PINs. There are now highly sophisticated versions: some data pests target only certain banks, for example, while others go only after fans of online games and drain their in-game money reserves.

All of this malicious software, however, has one thing in common: somehow, at some point, it must contact its creators. After all, the "master" (or "mistress"), the Internet crook behind the pest, has to receive the captured data, for example to go shopping at the expense of others or to resell the stolen account information. In addition, there is often a back channel through which the creators of the malware can remotely control infected PCs and abuse them to send spam or to carry out Internet attacks.

Yet this is where data pests have a weakness: even on machines that are already infected, anti-virus programs and firewalls can potentially block the external communication over the Internet. The online crooks then get no sensitive data out of the PC, and the treasure cannot be recovered.

Researchers at the University of Illinois at Urbana-Champaign have now demonstrated a method that would defeat even this countermeasure. The so-called Stegobot has not yet been spotted in the wild, but the concept, developed by a team led by computer scientist Amir Houmansadr, is already extremely threatening.

The basic idea: instead of sending the spied-out data over regular (and potentially blockable) direct Internet communication, the prototype malware hides passwords or account credentials in images that the user voluntarily uploads to the social network Facebook. The victims thus help the Internet crooks themselves, without even realizing it. The crook then only has to view the image on the network and extract the data.

A standard image of 720 x 720 pixels can hold at least 50 kilobytes. That is enough for a whole batch of credit card and account information and passwords for online games. Thanks to the steganographic methods used to hide the data, nothing is visible from the outside: the tiny amount of noise generated by the additional data is not noticeable even to trained eyes.

In laboratory experiments, the researchers led by Houmansadr first infected a few test computers. Stegobot lands on the PC just like real malware: through an e-mail attachment that the unsuspecting user opens. The malware then goes to work, collecting access data and using the victim's e-mail to spread further. Once enough information has been gathered, the upload stage begins: Stegobot waits in the background for the user to go on Facebook. When the next image is uploaded, the data is embedded automatically and leaves the computer.

The researchers have also developed a concept for how Stegobot could conceal its recipient: the data hops from friend to friend. Instead of placing the data in publicly visible photos on Facebook, only photos for closed user groups (that is, Facebook friends) are used. If Stegobot succeeds in infecting another person among the Facebook friends, the game continues: the data is transferred from one private photo to the next. In this way the sensitive information wanders from person to person until it shows up among the friends of the online crooks, who can decipher it again.

"It is particularly dangerous that Stegobot really cannot be recognized," said Shishir Nagaraja from the Indraprastha Institute of Information Technology in New Delhi, who carried out the project with Houmansadr. Moreover, it is possible that the creator of the data pest could also take the opposite route to control the malware without anyone noticing.

Online crooks do not yet seem to have come up with the idea of implementing techniques like Stegobot's. Steganography is, however, already quite a topic in the scene. It is currently still unclear whether the effort Stegobot puts into concealing its work would be worthwhile for the cost-conscious Internet mafia. After all, firewalls and anti-virus software often work so poorly that malware can also "phone home" directly. Things may look very different, though, for targeted espionage attacks, such as when an intelligence agency wants to smuggle information out from abroad and the origin of the attack must be obscured.
