Security researchers have identified a botnet that borrows an idea from steganography by burying commands in jpg images. The DlKhora botnet, which is primarily geared towards downloading other strains of malware, encodes instructions so that the command and control server appears to be serving up image files, SecureWorks …


  1. Tom_

    It seems a bit strange to do this without hiding the data in actual images.

  2. Anonymous Coward
    The filter that tries to block bot communication does not look at the actual image. At least not yet.

  3. Anonymous Coward
    What computer Operating System does this steganography malware botnet run on?

  4. Frumious Bandersnatch Silver badge
    Will the Register have an exciting follow up where a malware author uses "advanced steganography" by putting the commands in a JPEG/PNG/GIF comment section with a "sophisticated self-identification mechanism" (i.e., a "start-of-message" indicator at the start, and an "end of message" indicator along with a checksum at the end)? When you do get around to writing that article, don't forget to mention that the message contents are "encrypted" with a "variable key" (stored right after the start of message indicator, and used to XOR the command data, natch).

  5. Anonymous Coward
    Not stego.

    Obfuscation. Not stego at all. For this to be stego it would have to *actually* be a real image file, not just a bunch of text with a fake header slapped on the front.

    And fairly trivial obfuscation at that.
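The distinction drawn in comments 4 and 5 (a real image carrying a payload in its comment segment versus plain text with a JPEG header slapped on the front) is something a proxy or IDS can check structurally. The following is an added example, not code from the article, the commenters, or any vendor: a small JPEG marker walker that rejects fake-header files outright and flags otherwise valid images whose COM segments hold binary or oversized data. The sample byte strings, the 256-byte comment threshold and the `classify` verdict format are constructed assumptions for the demonstration.

```python
import struct

SOI, EOI, SOS, COM = 0xFFD8, 0xFFD9, 0xFFDA, 0xFFFE
# Markers that carry no length field: TEM and the restart markers RST0..RST7.
STANDALONE = {0xFF01} | {0xFFD0 + i for i in range(8)}
MAX_COMMENT_BYTES = 256  # assumption: legitimate COM segments are short text


def parse_jpeg_segments(data: bytes):
    """Walk the marker structure of a JPEG and return [(marker, payload), ...].

    Raises ValueError at the first structural inconsistency, which is exactly
    what a blob of text behind a fake two-marker header produces.
    """
    if len(data) < 4 or data[:2] != b"\xff\xd8":
        raise ValueError("no SOI marker")
    segments = []
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected 0xFF marker prefix at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:  # fill bytes are permitted
            pos += 1
        if pos >= len(data):
            raise ValueError("truncated marker")
        marker = 0xFF00 | data[pos]
        pos += 1
        if marker == EOI:
            segments.append((marker, b""))
            return segments
        if marker in STANDALONE:
            segments.append((marker, b""))
            continue
        if pos + 2 > len(data):
            raise ValueError("truncated segment length")
        length = struct.unpack(">H", data[pos:pos + 2])[0]
        if length < 2 or pos + length > len(data):
            raise ValueError(f"bad segment length {length} at offset {pos}")
        segments.append((marker, data[pos + 2:pos + length]))
        pos += length
        if marker == SOS:
            # Entropy-coded data follows. Skip to the next real marker: 0xFF00 is
            # a stuffed byte and 0xFFD0..0xFFD7 are restart markers inside the scan.
            while True:
                idx = data.find(b"\xff", pos)
                if idx == -1 or idx + 1 >= len(data):
                    raise ValueError("scan data not terminated by a marker")
                nxt = data[idx + 1]
                if nxt == 0x00 or 0xD0 <= nxt <= 0xD7:
                    pos = idx + 2
                    continue
                pos = idx
                break
    raise ValueError("no EOI marker")


def classify(data: bytes) -> dict:
    """Verdict for a response body served with an image content type."""
    try:
        segments = parse_jpeg_segments(data)
    except ValueError as exc:
        return {"valid_jpeg": False, "suspicious": True,
                "reason": f"not a JPEG structure: {exc}", "comment_bytes": 0}
    comments = [p for m, p in segments if m == COM]
    total = sum(len(p) for p in comments)
    reasons = []
    if total > MAX_COMMENT_BYTES:
        reasons.append(f"{total} bytes of COM data")
    for p in comments:
        if any((b < 0x20 and b not in (0x09, 0x0A, 0x0D)) or b > 0x7E for b in p):
            reasons.append("non-printable bytes in COM segment")
            break
    return {"valid_jpeg": True, "suspicious": bool(reasons),
            "reason": "; ".join(reasons) or "no structural anomaly",
            "comment_bytes": total}


def _seg(marker: int, payload: bytes) -> bytes:
    """Build one length-prefixed marker segment (length counts itself)."""
    return struct.pack(">HH", marker, len(payload) + 2) + payload


# Constructed samples (not decodable pictures, but structurally valid JPEG framing).
APP0 = _seg(0xFFE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
SOF0 = _seg(0xFFC0, b"\x08\x00\x08\x00\x08\x01\x01\x11\x00")
SCAN = _seg(SOS, b"\x01\x01\x00\x00\x3f\x00") + b"\x12\x34\xff\x00\x56"  # has a stuffed 0xFF00
END = b"\xff\xd9"

SAMPLE_REAL = b"\xff\xd8" + APP0 + _seg(COM, b"Created by constructed-sample") + SOF0 + SCAN + END
# The DlKhora-style case: two marker bytes in front of plain text.
SAMPLE_FAKE_HEADER = b"\xff\xd8\xff\xe0" + b"cmd=update;host=placeholder.invalid\n"
# The comment-4 case: a real image whose COM segment carries XOR-style binary.
SAMPLE_COM_CARRIER = (b"\xff\xd8" + APP0
                      + _seg(COM, b"MSG" + bytes([0x8F, 0x02, 0x00, 0xC3]) * 10)
                      + SOF0 + SCAN + END)

if __name__ == "__main__":
    for name, blob in [("real", SAMPLE_REAL), ("fake_header", SAMPLE_FAKE_HEADER),
                       ("com_carrier", SAMPLE_COM_CARRIER)]:
        print(name, classify(blob))
```

The structural check alone catches the fake-header variant; the COM heuristics are the cheap follow-on for the "hide it in the comment field" variant, and a filter that inspects only the content type or the first four bytes would pass both.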

  6. Carter Cole
    i agree not stego

    i want to write a bot that uses true stego like knows where to find the original image (from some google page or an image hosting site) and then keeps its data stored like in the sample pictures of the computer or something i think that would be a cool bot.



    How to find a necessary image in the Flow? It's damn easy.

    Order the images from a page to resize in your sandbox before they've gone loose into your OS. If you can't make one, why not ask any from the handful of your friends?

    Images that refuse to resize are the ones you need/don't need at all/always wanted to ask about but are ashamed to.

    But here we come closer to the problem of putting to/removing the pic msgs from the Primary sources right after they are confirmed as received and recognised/crispy chewy consumed. But this part of the job must better be executed on a... right, diskless station having an "Unrecognised net card". Ask your friends how to find/install it. Well, true citizens usually address GCHQ/KGB/NSA/ETC with similar questions. But don't you ever forget that we are the One Nation; well, looks like not everybody just knows it.

    Geese, I'm not a kind of a computer geek myself, and I'm telling IT to the readers of IMO the best computer geeks' mag. Do you hear a hiss? Sssend mme mmucch mmuny ffor the adviccce, mmy preciousss.
