[ISN] 'Operation Shady RAT' Attackers Employed Steganography

From: InfoSec News <alerts_at_private>
Date: Fri, 12 Aug 2011 02:14:57 -0500 (CDT)
http://www.darkreading.com/security/attacks-breaches/231400084/operation-shady-rat-attackers-employed-steganography.html

By Kelly Jackson Higgins
Dark Reading
Aug 11, 2011

The attackers behind the targeted cyberespionage hacks known as 
"Operation Shady RAT" hid some of their activities behind digital images.

They used steganography, a relatively rarely deployed technique for 
hiding malicious code or data behind image files or other 
innocuous-looking files. In its analysis of Operation Shady RAT, 
Symantec found rigged images -- everything from images of a pastoral 
waterside scene to a suggestive photo of a woman in a hat -- that were 
masking commands ordering the infected machines to phone home to the 
command-and-control (C&C) server.

The commands are invisible to the human eye because the bits in the 
image are actually made up of those commands. They're "mathematically 
built into the data representing the image," according to Symantec 
researchers in a recent blog post that includes examples of the images 
its researchers found.

Operation Shady RAT is a massive advanced persistent threat (APT)-type 
attack campaign that has been ongoing worldwide for five years and has 
stolen intellectual property from 70 government agencies, international 
corporations, nonprofits, and others in 14 countries. It was revealed 
last week by McAfee, which conducted an in-depth study of one of the C&C 
servers used in the attack.

[...]


Received on Fri Aug 12 2011 - 00:14:57 PDT
