Researchers at the Hungary-based Laboratory of Cryptography and System Security have uncovered Duqu, an unusual form of steganography-based malware that embeds itself in Microsoft Windows machines, gathers information about industrial control systems, and then transmits it to its command-and-control center.
The malware is especially hard to find because it automatically removes itself after 36 days.
Duqu sends information back to its control center by encrypting it and embedding it in a JPEG file so it looks like a picture.
The researchers are still studying Duqu to determine its exact purpose and who created it.
Network steganography is especially appealing to cybercriminals because there is no limit to the amount of information that can be sent, according to researchers at the Fraunhofer Institute for Communication, Information Processing, and Ergonomics. They note that in recent years these attacks have focused on higher-layer applications and services. "More than a hundred techniques remain that transfer secret data using meta information, such as header elements or the timing of network packets," says Fraunhofer's Steffen Wendzel.
He also warns that smartphones are particularly vulnerable to network steganography, and says that until effective countermeasures are developed, researchers must invent a new set of basic approaches to deal with this emerging threat.
From Technology Review
Abstracts Copyright © 2014 Information Inc., Bethesda, Maryland, USA