Keldrin writes:
"Zeus is a trojan designed to steal banking credentials, and has been declared one of the most successful pieces of malware currently seen in the wild. A new variant is making detection far more difficult for anti-virus companies by hiding configuration settings inside pictures. At the moment, the malware simply encodes the configuration with Base64, passes them through XOR and RC4, then attaches them to the end of an image file. This makes for an 'infected' file that is much larger than the original. There is speculation that future releases of the malware will be able to detect minuscule changes to the colors of individual pixels, making the affected files much harder to detect."
(Score: 1) by acid andy on Saturday February 22 2014, @10:07AM
OK so they're hiding configuration information in the image and theoretically they could hide code in there too, but the executable part of the trojan still has to kick off the process of extracting that data, probably decrypting it, and then executing that.
Why isn't that initial part of the code detectable?
If a cat has kittens, does a rat have rittens, a bat bittens and a mat mittens?