The new technique of malware hiding--steganography

"Steganography" technology is often seen in many detective stories and spy Wars films. Spy with steganography potion to write the information on the white Paper, received information from the superior and through the development technology to restore information. 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' style= ' width:516px; height:275px "border=" 0 "alt=" malware hiding new tricks--steganography "src=" http://s6.51cto.com/wyfs02/M02/4B/CF/ Wkiom1q0loraeux8aafqwkdw-iy562.jpg "width=" 636 "height=" 358 "/> Recently, Dell Securityworks security researcher Brett Stone-gross published a report that found a new malware "latent", the most characteristic of this malware is that the malicious code by hiding in the BMP image pixels to avoid antivirus software. The recent bank Trojan Kins used a part of the leaked Zeus Trojan source code, already trying to "steganography" technology. However, Kins's "steganography" technology is relatively primitive. Just attach the data (configuration file or command) to the end of the picture file. This technique is relatively easy to detect for current intrusion prevention systems (IPS) or intrusion detection systems (IDS). and "Latent" is an algorithm, the encrypted URL embedded in the image of the pixel. This will not be detectable for current IPs or IDs. The "latent" main task is a downloader, which is used to download subsequent malicious code to build a zombie network for click fraud. The "latent" DLL resource area has a BMP bitmap. and "Latent" puts the URL of the malicious code on the lowest bit of the color byte of each pixel. In this case, from the whole bitmap, there will be some noise, and anti-virus software or the IPs based on the eigenvalue is difficult to detect. 498) this.width=498 ' OnMouseWheel = ' javascript:return big (This) ' border= ' 0 "alt=" the new technique of malware hiding--steganography "src=" http:// S7.51cto.com/wyfs02/m01/4b/d1/wkiol1q0ludx4o6iaafexsrh0gi033.jpg "width=" height= "198"/> In addition, "latent" The system's security system is also checked to see if the system has 52 antivirus software installed. If 21 of these software is detected, "lurk" does not install the downloaded malicious code. If not, "lurk" will transmit the anti-virus software information back to the command and control server. The discovery of "latent" is another example of the "villains, outsmart" in the field of security. The previous infamous ransom Trojan Cryptolocker uses the AES algorithm, as well as botnets using Peer-to-peer technology to center, all of the malware and botnets behind the network criminals are doing their best to hide malicious code, or to strengthen the botnet. and "steganography" technology is the latest malware new trends, it is worthwhile to engage in malicious software analysis of people pay more attention. About steganography Http://baike.baidu.com/view/553273.htm?fr=aladdin If you want to delve deeper into steganography, you can refer to the secrets of data hiding technology. The analysis report of Brett Stone-gross http://www.secureworks.com/cyber-threat-intelligence/threats/ malware-analysis-of-the-lurk-downloader/Note: The first picture hides the key, do you find it? (from the third National Cyber Security Contest) "Editorial recommendation" mobile Security: is anti-malware protection necessary? Six free anti-virus and Anti-malware scanning tools for Windows malware can be used to predict future world conflict Surveys show: nearly 1/ 5 of corporate PCs exist malware How I write "Responsible editor: Blue Rain Tears TEL: (010) 68476606" Original: Malware hiding new tricks-steganography back to network security home