from the zeus-favored-the-greeks dept.
"Zeus is a trojan designed to steal banking credentials, and has been declared one of the most successful pieces of malware currently seen in the wild. A new variant is making detection far more difficult for anti-virus companies by hiding configuration settings inside pictures. At the moment, the malware simply encodes the configuration with Base64, passes them through XOR and RC4, then attaches them to the end of an image file. This makes for an 'infected' file that is much larger than the original. There is speculation that future releases of the malware will be able to detect minuscule changes to the colors of individual pixels, making the affected files much harder to detect."
It was an innocuous-looking photograph that turned out to be the downfall of Zheng Xiaoqing, a former employee with energy conglomerate General Electric Power:
According to a Department of Justice (DOJ) indictment, the US citizen hid confidential files stolen from his employers in the binary code of a digital photograph of a sunset, which Mr Zheng then mailed to himself.
It was a technique called steganography, a means of hiding a data file within the code of another data file. Mr Zheng utilised it on multiple occasions to take sensitive files from GE.
[...] The information Zheng stole was related to the design and manufacture of gas and steam turbines, including turbine blades and turbine seals. Considered to be worth millions, it was sent to his accomplice in China. It would ultimately benefit the Chinese government, as well as China-based companies and universities.
Zheng was sentenced to two years in prison earlier this month. It is the latest in a series of similar cases prosecuted by US authorities. In November Chinese national Xu Yanjun, said to be a career spy, was sentenced to 20 years in prison for plotting to steal trade secrets from several US aviation and aerospace companies - including GE.
Originally spotted on Schneier on Security.
- Say Goodbye to the Dots and Dashes to Enhance Optical Storage Media
- How Video Became a Dangerous Delivery Vehicle for Malware Attacks
- New Zeus Trojan Variant Using Steganography