Encrypted Malware inside JPEG Image file - New method by malware writers

illumination

Thread author
Dmitry Bestuzhev @KasperskyLab discovered a new type of malware infection method. He found the encrypted malware is hidden inside the JPEG image file (it has a BMP file structure)...
 
Firstly, it may cause automatic malware analysis systems to function incorrectly: the file would be downloaded and analyzed by the antivirus program, and given the all-clear; with time the link will be exempted from checks altogether.

Then you will say thanks for your HIPS, which before annoyed you so much for every action happening in your system.
 
Hiding malware in an image isn't new...

It's a little unclear from the article whether they are considering the method new (hiding malware in an image) or the technique new (a new infection vector).
 
HeffeD, I've never seen malware packaged into an image. Exploits, yes (you can perform a BO with an image, but it's not common), but I haven't ever seen an image with malware except, of course, for fake extensions.
 
The part that is unclear to me: the article states that KasperskyLab "discovered a new type of malware infection method". If they are referring to the fact that an executable is hidden inside an image... this is not something new, it's called steganography. As far as I can tell this enables malware authors to transmit and spread files without triggering a detection, however to execute the malicious executable inside the image, another executable is needed to decrypt it. So on its own, the image file does nothing.
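The point bogdan makes above (the image does nothing on its own; a separate program has to pull the payload out and decrypt it) and the detection angle from the first reply (the file scans clean as a picture) can be shown concretely. The following is an added example written for this page, not code from the article or from Kaspersky. It builds a valid BMP (the article says the file has a BMP structure), appends a toy XOR-"encrypted" stand-in payload after the declared pixel data, shows that the result still parses as a picture and does not contain the payload's plain bytes, and then shows the check a scanner should make: compare the real length against the headers and flag any bytes past the declared end. The payload bytes, the XOR key and every function name are made up for the example; the real sample's cipher is not described in the thread.

```python
import struct

# Constructed stand-in for the "encrypted executable" the thread talks about.
# It is just bytes; nothing here is executable.
PAYLOAD = b"MZ-stand-in: not a real program, just bytes to hide"
KEY = b"\x5a\xa5\x3c\xc3"   # assumed toy XOR key, not the cipher from the article


def xor_crypt(data: bytes, key: bytes) -> bytes:
    """Symmetric toy cipher: XOR with a repeating key (encrypt == decrypt)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_bmp(width: int, height: int) -> bytes:
    """Build a minimal, valid 24-bit BMP: BITMAPFILEHEADER + BITMAPINFOHEADER + pixels."""
    row_bytes = (width * 3 + 3) & ~3          # each row is padded to a 4-byte boundary
    pixel_bytes = row_bytes * height
    offset = 14 + 40                          # pixel data starts right after both headers
    file_size = offset + pixel_bytes
    file_hdr = struct.pack("<2sIHHI", b"BM", file_size, 0, 0, offset)
    info_hdr = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24,
                           0, pixel_bytes, 2835, 2835, 0, 0)
    row = b"\x20\x40\x60" * width + b"\x00" * (row_bytes - width * 3)
    return file_hdr + info_hdr + row * height


def parse_bmp(blob: bytes) -> dict:
    """Parse the two BMP headers; raise if this is not a BMP."""
    if blob[:2] != b"BM" or len(blob) < 54:
        raise ValueError("not a BMP")
    _, file_size, _, _, offset = struct.unpack("<2sIHHI", blob[:14])
    _, width, height, _, bpp, _, image_size = struct.unpack("<IiiHHII", blob[14:38])
    if image_size == 0:                       # the spec allows 0 for uncompressed images
        image_size = ((width * bpp // 8 + 3) & ~3) * abs(height)
    return {"file_size": file_size, "offset": offset, "width": width,
            "height": height, "bpp": bpp, "image_size": image_size}


def embed(carrier: bytes, payload: bytes, key: bytes) -> bytes:
    """Attacker side: append the encrypted payload after the declared pixel data.
    Image viewers ignore trailing bytes, so the file still opens as a picture."""
    return carrier + xor_crypt(payload, key)


def trailing_data(blob: bytes) -> bytes:
    """Defender side: every byte beyond the end the headers declare."""
    hdr = parse_bmp(blob)
    declared_end = hdr["offset"] + hdr["image_size"]
    return blob[declared_end:]


def is_suspicious(blob: bytes) -> bool:
    """Flag a BMP whose real length disagrees with its headers or that carries trailing data."""
    hdr = parse_bmp(blob)
    return len(blob) != hdr["file_size"] or len(trailing_data(blob)) > 0


def extract(blob: bytes, key: bytes) -> bytes:
    """The separate 'starter' the later posts mention: recover the payload.
    It is still only bytes; something else would have to write and run them."""
    return xor_crypt(trailing_data(blob), key)


if __name__ == "__main__":
    clean = build_bmp(3, 2)
    stego = embed(clean, PAYLOAD, KEY)
    print("still a picture:", parse_bmp(stego)["width"], "x", parse_bmp(stego)["height"])
    print("plain payload visible to a signature scan:", PAYLOAD in stego)
    print("clean flagged:", is_suspicious(clean), " carrier flagged:", is_suspicious(stego))
    print("starter recovers payload:", extract(stego, KEY) == PAYLOAD)
```

The same check carries over to JPEG (data after the EOI marker 0xFFD9), with the caveat that EXIF thumbnails embed their own SOI/EOI markers, so a JPEG scanner has to walk the segment lengths rather than stop at the first 0xFFD9 it finds. Note what the example does and does not show: a plain byte-signature scan misses the XORed payload, the header/length comparison catches it, and nothing in the picture runs by itself, which is exactly bogdan's point.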
 
bogdan said:
The part that is unclear to me: the article states that KasperskyLab "discovered a new type of malware infection method". If they are referring to the fact that an executable is hidden inside an image... this is not something new, it's called steganography. As far as I can tell this enables malware authors to transmit and spread files without triggering a detection, however to execute the malicious executable inside the image, another executable is needed to decrypt it. So on its own, the image file does nothing.

Yes, this is what I was getting at. A bit unclear as to what they actually mean.
 
McLovin said:
Wow, people that make viruses are getting better at making and hiding them.

Yes, that's why some time ago I said there are more and more nasty viruses, although the OS has more and more features to prevent them. Surely a hacker or anyone like that will look for weaknesses.
 
This won't be a problem if JPEGs are opened using a sandboxed explorer or by right-clicking on the JPEG image and choosing Run Sandboxed. Sandboxie will also prevent getting infected when clicking on fake JPEGs. :cool:

Bo
 
Yes. But what "should" we do about it?

I think maybe using HIPS on the machine would be better,
as said by Umbra above.
Or scan it with an AV or another scanner tool?
:)
 
win7holic said:
Yes. But what "should" we do about it?

I think maybe using HIPS on the machine would be better,
as said by Umbra above.
Or scan it with an AV or another scanner tool?
:)
HIPS is chatty, Sandboxie speaks softly and carries a big stick. I prefer the quietness and effectiveness of Sandboxie. Depending on HIPS, errors can happen. Errors don't happen if you run the file sandboxed.

Bo
 
It was discovered by some researcher (I don't remember his name) in 2010. But he didn't find the code; the Kaspersky researcher did. That JPEG malware won't work without a starter; this is what the Kaspersky researcher said.
 
Well, all I knew before was the double-extension method used to execute it, for example picture.jpeg.exe, trying to convince you it's a picture when it isn't.
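The double-extension trick mentioned above, and HeffeD's "fake extensions", are a naming problem rather than a file-format problem: the file really is an executable and only the displayed name lies. The following is an added example for this page, not code from the article or the thread: a small triage check that looks at every extension in the name, sniffs the leading bytes, and reports when the name claims a picture but the content is an executable. The magic-number table and the finding labels are assumed for the example. It also flags the Unicode right-to-left override character, a related name-spoofing trick that goes beyond what the post mentions.

```python
# Leading bytes ("magic") for the file kinds discussed in the thread.
# Assumed minimal table for the example; a real tool would use a fuller one.
MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"BM": "bmp",
    b"\x89PNG\r\n\x1a\n": "png",
    b"MZ": "exe",              # DOS/PE executable header
}
IMAGE_EXTS = {".jpg": "jpeg", ".jpeg": "jpeg", ".bmp": "bmp", ".png": "png"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
RTL_OVERRIDE = "\u202e"        # makes Explorer display the name reversed


def sniff(blob: bytes) -> str:
    """Identify content by its first bytes, ignoring the file name entirely."""
    for magic, kind in MAGIC.items():
        if blob.startswith(magic):
            return kind
    return "unknown"


def extensions(name: str) -> list:
    """Every extension in a name, left to right: 'picture.jpeg.exe' -> ['.jpeg', '.exe']."""
    parts = name.split(".")
    return ["." + p.lower() for p in parts[1:]]


def assess(name: str, blob: bytes) -> list:
    """Return the findings for one file: an empty list means the name and content agree."""
    findings = []
    exts = extensions(name)
    last = exts[-1] if exts else ""
    # picture.jpeg.exe: an image extension hidden in front of the real, executable one
    if last in EXEC_EXTS and any(e in IMAGE_EXTS for e in exts[:-1]):
        findings.append("double_extension")
    if RTL_OVERRIDE in name:
        findings.append("rtl_override")
    kind = sniff(blob)
    # holiday.jpg that starts with MZ: the name says picture, the bytes say program
    if last in IMAGE_EXTS and kind != IMAGE_EXTS[last]:
        findings.append("content_mismatch:" + kind)
    if last in EXEC_EXTS or kind == "exe":
        findings.append("executable")
    return findings


if __name__ == "__main__":
    # Constructed samples: only the first few bytes matter for the check.
    samples = [
        ("picture.jpeg.exe", b"MZ\x90\x00"),
        ("holiday.jpg", b"MZ\x90\x00"),
        ("holiday.jpg", b"\xff\xd8\xff\xe0"),
        ("report" + RTL_OVERRIDE + "gpj.exe", b"MZ\x90\x00"),
    ]
    for name, blob in samples:
        print(repr(name), "->", assess(name, blob) or "ok")
```

The check is only useful if it runs before the double-click, which is why the posts above reach for a sandbox or HIPS: Windows hides known extensions by default, so picture.jpeg.exe is shown as picture.jpeg and the user never sees the part this code keys on.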
 
bogdan said:
The part that is unclear to me: the article states that KasperskyLab "discovered a new type of malware infection method". If they are referring to the fact that an executable is hidden inside an image... this is not something new, it's called steganography. As far as I can tell this enables malware authors to transmit and spread files without triggering a detection, however to execute the malicious executable inside the image, another executable is needed to decrypt it. So on its own, the image file does nothing.

Yes, right. I think the new thing is the "Block Cypher" encryption method; it seems to act like steganography but without the need for any apps to open it.
 