Stories
Slash Boxes
Comments

SoylentNews is people

posted by Dopefish on Friday February 21 2014, @06:30PM   Printer-friendly
from the zeus-favored-the-greeks dept.

Keldrin writes:

"Zeus is a trojan designed to steal banking credentials, and has been declared one of the most successful pieces of malware currently seen in the wild. A new variant is making detection far more difficult for anti-virus companies by hiding configuration settings inside pictures. At the moment, the malware simply encodes the configuration with Base64, passes them through XOR and RC4, then attaches them to the end of an image file. This makes for an 'infected' file that is much larger than the original. There is speculation that future releases of the malware will be able to detect minuscule changes to the colors of individual pixels, making the affected files much harder to detect."

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Interesting) by dmc on Friday February 21 2014, @07:51PM

    by dmc (188) on Friday February 21 2014, @07:51PM (#4501)

    I'm not amazed yet (though can't say I bothered to RTFA). It doesn't sound different enough from just having an encrypted config file. Sure the image file may look innocuous, but the trojan has to *itself* 'hide' somewhere. Why not just store its configuration as an encrypted chunk of its own executable? What makes these or any steganographed config files more sneaky than that scenario?

    Starting Score:    1  point
    Moderation   +4  
       Insightful=1, Interesting=2, Underrated=1, Total=4
    Extra 'Interesting' Modifier   0  

    Total Score:   5