Steganography

• Steganography is the technique of hiding text content behind images.


• This is generally performed by terrorists to hide secret messages behind images and to convey the message by sending the image over the Internet.


• Windows internal commands as well as steganography tools can be used to perform this technique.
An example of steganography: the information is hidden behind the image.

Threats of Steganography

Digital steganography, as stated before, is just a series of methods that hide information and files from view inside other files. It can have many beneficial and secure uses, such as watermarking photographs to deter art theft or keeping sensitive data secure in innocuous files in case of unauthorized access or data theft. But as with any other tool, people may, intentionally or unintentionally, use this difficulty of detection in less secure ways.

“Is your PC virus-free? Get it infected here!”

This was a real Google Ad last year. You may think that no one in their right mind would click this advert. But they do. Fortunately, this was only an experiment by Mikko Hypponen, who is Chief Research Officer at security firm F-Secure, and the ad only led to a “Thank You” HTML page. During the six-month period that this ad was online, 409 people, whether by mistake, out of curiosity or out of stupidity, thought it was a good idea to click the link to “see what happens”. This experiment is mentioned to show how some users willingly download viruses even if the link says “Clicking this link will format your hard disk but you will see a dancing pig”, let alone if the virus is hidden in an innocent attachment sent (seemingly) from a co-worker or a friend. (Anyone involved in computer security will know of the “Dancing pig problem”.)

The most common misuse of steganography is the hiding of malware in seemingly safe files such as pictures, audio and email attachments. This method is used to hide any type of malware, ranging from viruses and worms to spyware and Trojans.

One of the simplest ways to hide malware is to use double extensions. A file would be named, for example, “cutekitten.jpg.exe”. When this is clicked, Windows looks only at the last extension and therefore treats the file as an executable. On an unprotected computer this method is particularly effective: the file can arrive as an attachment and, because Windows by default hides the last extension of its files, it is shown as a jpg file and can be overlooked and executed. An example was the Anna Kournikova virus, which was sent via email as an attachment named “AnnaKournikova.jpg.vbs”. A similar technique is used with URL links. These may be fashioned to look as if they point to a jpg, mp3, etc., but when clicked, the user is redirected to an executable.
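One way a mail gateway or triage script could flag the double-extension names described above. This is an added example, not part of the original article; the extension lists and the function names are assumptions chosen for illustration.

```python
import ntpath

# Assumed lists for illustration; extend them for your own environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".bmp", ".mp3", ".txt", ".pdf", ".doc"}


def classify_attachment(name):
    """Return 'double-extension', 'executable' or 'ok' for a file name."""
    # Keep only the file name; Windows drops trailing dots and spaces.
    base = ntpath.basename(name).rstrip(" .")
    stem, last = ntpath.splitext(base)
    if last.lower() not in EXECUTABLE_EXTS:
        return "ok"
    # The real type is executable: is a harmless-looking extension in front?
    inner = ntpath.splitext(stem)[1]
    if inner.lower() in DECOY_EXTS:
        return "double-extension"
    return "executable"


def displayed_name(name):
    """Name as shown to the user when the last (real) extension is hidden."""
    base = ntpath.basename(name).rstrip(" .")
    return ntpath.splitext(base)[0]


def scan(names):
    """Return (name, shown_as) for every deceptive double-extension name."""
    return [(n, displayed_name(n)) for n in names
            if classify_attachment(n) == "double-extension"]


# The first two names come from the article; the rest are constructed samples.
SAMPLES = [
    "cutekitten.jpg.exe",
    "AnnaKournikova.jpg.vbs",
    "holiday.JPG.EXE",
    "report.final.pdf",
    "setup.exe",
    "photo.jpg",
]

if __name__ == "__main__":
    for original, shown in scan(SAMPLES):
        print(f"FLAG {original!r}: shown to the user as {shown!r}")
```

The comparison is case-insensitive, and a plain executable such as “setup.exe” is reported separately from the deceptive names so the two cases can be handled by different policies.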

Macros embedded in Microsoft documents also fall under the steganography cap. These mini-programs are executed as soon as one opens the document and mostly spread by copying the email addresses in the address book and sending themselves automatically by email. The Melissa virus is a famous example of this; it had a null payload, but its damage came in the form of email server congestion due to its high rate of spread.

As stated before, text can be embedded in pictures. This may take the form of malicious code. Though harmless on its own, it can have a companion malware process which loads the program from the carrier picture. The main advantage is that in some systems, picture files are not scanned and the companion process will not have a virus signature.

While in the previous cases steganography was used to hide the malware to infect the system, it can also be used maliciously in reverse. A virus may be programmed to “hide” a user’s important documents or files inside a file and ask for ransom for the password that will be used to decrypt the data back to its original state (hopefully). A macro famous for this was a variant of the Melissa virus mentioned before called Melissa.V. This macro made a backup of documents and destroyed random parts of the original. Then it requested a ransom of $100 to be transferred to an offshore account. Fortunately the owner of the account was tracked down and it was discovered that the macro wrote information in the Windows registry and with this, the documents could be retrieved.

Another dangerous application of steganography involves malevolent users of the system whose intent is to transfer or steal sensitive information or files. This can very easily be done with the “Text in media files” or the “Files archive in pictures” methods mentioned previously in this article.