Encrypted Malware inside JPEG Image file - New method by malware writers

illumination · Nov 13, 2011

Dmitry Bestuzhev @KasperskyLab discovered a new type of malware infection method. He found the Encrypted malware is hidden inside the JPEG image file(it hash BMP file structure)...
Read More

Deleted member 178 · Nov 13, 2011

Firstly, it may cause automatic malware analysis systems to function incorrectly: the file would be downloaded and analyzed by the antivirus program, and given the all-clear; with time the link will be exempted from checks altogether.

then you will say thanks for your HIPS which before annoyed you so much for every actions happening in your system.

win7holic · Nov 13, 2011

is it necessary? scans each. jpeg files before opened?

yes, moments like these HIPS is needed.

HeffeD · Nov 13, 2011

Hiding malware in an image isn't new...

It's a little unclear from the article whether they are considering the method new, (hiding malware in an image) or the technique new. (new infection vector)

Hungry Man · Nov 13, 2011

HeffeD, I've never seen malware packaged into an image. Exploits, yes (you can perform BO with an image but it's not common) but I haven't ever seen an image with malware except, of course, for fake extensions.

bogdan · Nov 13, 2011

The part that is unclear to me: the article states that KasperskyLab "discovered a new type of malware infection method". If they are referring to the fact that an executable is hidden inside an image... this is not something new, it's called steganography. As far as I can tell this enables malware authors to transmit and spread files without triggering a detection, however to execute the malicious executable inside the image, another executable is needed to decrypt it. So on its own, the image file does nothing.

McLovin · Nov 13, 2011

Wow, people that make viruses are getting better at making and hiding them.

HeffeD · Nov 13, 2011

bogdan said:
The part that is unclear to me: the article states that KasperskyLab "discovered a new type of malware infection method". If they are referring to the fact that an executable is hidden inside an image... this is not something new, it's called steganography. As far as I can tell this enables malware authors to transmit and spread files without triggering a detection, however to execute the malicious executable inside the image, another executable is needed to decrypt it. So on its own, the image file does nothing.

Yes, this is what I was getting at. A bit unclear as to what they actually mean.

bogdan · Nov 13, 2011

Well, they can probably store those images on multiple web-sites without raising many suspicions...

win7holic · Nov 13, 2011

McLovin said:
Wow, people that make viruses are getting better at making and hiding them.

yes, that's why some time ago I said more and more nasty virus. although the OS more and more features to prevent it. sure a hacker or anything like that will look for weaknesses.

Ramblin · Nov 13, 2011

This wont be a problem if JPEGs are open using a sandboxed explorer or by right clicking on the JPEG image and choosing run sandboxed. Sandboxie will also prevent getting infected when clicking on fake JPEGs.

Bo

win7holic · Nov 13, 2011

Yes. but what we "should" do it?

I think, may use the HIPS on the machine would be better?
as said by Umbra above.
or, scan it with AV or, another scanner tool?

Ramblin · Nov 13, 2011

win7holic said:
Yes. but what we "should" do it?

I think, may use the HIPS on the machine would be better?
as said by Umbra above.
or, scan it with AV or, another scanner tool?

HIPS is chatty, Sandboxie speaks softly and carries a big stick. I prefer the quietness and effectiveness of Sandboxie. Depending on HIPS, errors can happen. Errors don't happen if you run the file sandboxed.

Bo

win7holic · Nov 13, 2011

but, not everyone can use Sandboxie or even HIPS as well.
I think common people will use AV to scan them.

moonshine · Nov 14, 2011

Something to look out for again. At least we're well protected.

win7holic · Nov 14, 2011

I observe. the most important thing right now is: common sense.
(as I said before)

moonshine · Nov 14, 2011

Not without the right security software and a ton of knowledge.

PenTester · Nov 14, 2011

It was discovered by some researcher (i didn't remember his name) in 2010 itself. But he is doesn't find the coding. Kaspersky researcher did. That JPEG malware won't work without starter, this is what the kaspersky researcher said.

jamescv7 · Nov 17, 2011

Well all I know before was a double extension method in order to execute it, like example picture.jpeg.exe so trying to convince its like an picture but it isn't.

Deleted member 178 · Nov 17, 2011

bogdan said:
The part that is unclear to me: the article states that KasperskyLab "discovered a new type of malware infection method". If they are referring to the fact that an executable is hidden inside an image... this is not something new, it's called steganography. As far as I can tell this enables malware authors to transmit and spread files without triggering a detection, however to execute the malicious executable inside the image, another executable is needed to decrypt it. So on its own, the image file does nothing.

yes right, i think the new thing is the "Block Cypher" encryption method, it seems to act like steganography but without the need of any apps to open it.

Search

Encrypted Malware inside JPEG Image file - New method by malware writers

illumination

Deleted member 178

win7holic

New Member

HeffeD

Level 1

Hungry Man

New Member

bogdan

Level 1

McLovin

Level 76

HeffeD

Level 1

bogdan

Level 1

win7holic

New Member

Ramblin

Level 3

win7holic

New Member

Ramblin

Level 3

win7holic

New Member

moonshine

Level 7

win7holic

New Member

moonshine

Level 7

PenTester

New Member

jamescv7

Level 85

Deleted member 178

Similar threads