Tag Archives: steganography

How to Hide Information with Ordinary Office Printers

The printer you have in your office may be less innocent than you thought. Some experts have already shown that they can even become a steganographic tool, the art, well-known in computer security, of hiding information from prying eyes.

A few years ago, the Electronic Frontier Foundation, an organization that defends civil liberties on the internet, reported that some laser printers included a code on the documents they printed that could be viewed with a certain light and a microscope. Manufacturers later had to admit that the US secret services had, apparently, reached an agreement with them so as to identify counterfeiters with that hidden code.

Researchers at the University of Utah have now shown that a conventional inkjet printer such as the one above your desktop can be used to print hidden images invisible to the human eye.

Messages hidden with silver and charcoal

Experts have used a silver and carbon ink to print an image formed by small rods of a millimeter in length and a few hundred microns in width. By varying the proportion of silver and coal, the conductivity of each bar also changes. The human eye is unable to perceive this modification. Using harmless terahertz radiation, which is located in the electromagnetic spectrum between infrared and microwave and is able to traverse opaque objects, the information encoded in the conductivity can be unveiled.

In a study published in the journal of the Optical Society (OSA), researchers demonstrated their new method by hiding QR codes in an image. At first glance, they looked just like an array of identical lines, but, thanks to terahertz radiation, the QR code was discovered. With this method, they have even camouflaged color QR codes.

“Our very easy-to-use method can print complex patterns of rods with varying conductivity,” explained Ajay Nahata, one of the authors of the study. “An added benefit to our technique is that it can be performed very inexpensively.”

Printers used for espionage?

Although they performed this test using relatively simple and small QR codes, they believe the technique could be used to conceal information in more detailed and complex images.

In World War I, the Germans used lemon juice in their letters as invisible ink to escape censorship. Now, the researchers at the University of Utah have shown that there are far more sophisticated ways of hiding information, and there is no need to dig too deep into your pockets to use it.

They also plan to develop inks that need to be heated or exposed to light at a given wavelength to uncover information. Will invisible inks for printers become a new way of hiding confidential information? We may never know.

The post How to Hide Information with Ordinary Office Printers appeared first on Panda Security Mediacenter.

Hacking Millions with Just an Image — Recipe: Pixels, Ads & Exploit Kit

If you have visited any popular mainstream website over the past two months, your computer may have been infected — Thanks to a new exploit kit discovered by security researchers.

Researchers from antivirus provider ESET released a report on Tuesday stating that they have discovered an exploit kit, dubbed Stegano, hiding malicious code in the pixels of banner advertisements that are currently

New Hammertoss Espionage Tool Tied to MiniDuke Gang

Hammertoss, a backdoor uncovered by researchers at FireEye, combines many previous communication venues used by APT29, a espionage outfit linked to the Russian government.

Banking Trojan Vawtrak: Harvesting Passwords Worldwide

Over the last few months, AVG has tracked the rapid spread of a banking Trojan known as Vawtrak (aka Neverquest or Snifula).

Once it has infected a system, Vawtrak gains access to bank accounts visited by the victim. Furthermore, Vawtrak uses the infamous Pony module for stealing a wide range of login credentials.

While Vawtrak Trojans are not new, this particular sample is of great interest.

 

How and where is it spreading?

The Vawtrak Trojkan spreads in three main ways:

  • Drive-by download – in the form of spam email attachments or links to compromised sites
  • Malware downloader – such as Zemot or Chaintor
  • Exploit kit – such as Angler

Based on our statistics, the Czech Republic, USA, UK, and Germany are the most affected countries by the Vawtrak campaigns this year.

Countries most affected by the spreading of Vawtrak in Q1 2015.

 

What are the features of this Vawtrak?

This Vawtrak sample is remarkable for the high number of functions that it can execute on a victim’s machine. These include:

  • Theft of multiple types of passwords used by user online or stored on a local machine;
  • Injection of custom code in a user-displayed web pages (this is mostly related to online banking);
  • Surveillance of the user (key logging, taking screenshots, capturing video);
  • Creating a remote access to a user’s machine (VNC, SOCKS);
  • Automatic updating.

Of particular interest from a security standpoint is that by using Tor2web proxy, it can access update servers that are hosted on the Tor hidden web services without installing specialist software such as Torbrowser.

Moreover, the communication with the remote server is done over SSL, which adds further encryption.

This Vawtrak sample also uses steganography to hide update files inside of favicons so that downloading them does not seem suspicious. Each favicon is only few kilobytes in size, but it is enough to carry a digitally signed update file hidden inside.

 

Detailed analysis

Our complete analysis of this malware is too long to publish in full on this blog so we have prepared a detailed white paper that describes this infection, its internals and functions in detail.

 

You can also download the report here

 

Stay Safe

While this Vawtrak Trojan is very flexible in functionality, it’s coding is mostly basic and can be defended against. At AVG, we protect our users from Vawtrak in several ways:

  • AVG LinkScanner and Online Shield provide real-time scanning of clicked links and web pages containing malicious code.
  • AVG Antivirus for generic detection of malicious files and regular scans.
  • AVG Identity Protection, that uses a behavioral-based detection, will detect even the latest versions of such infections.
  • AVG Firewall prevents any unsolicited network traffic, such as communication with a C&C server.