Is Malware Hiding in that Twitter Image?
August 7, 2015
Last week FireEye detected HAMMERTOSS, a malware backdoor that uses Twitter, GitHub, and cloud services to steal data from networks. HAMMERTOSS embeds malware in Twitter photos, which is considered steganography.
What is Steganography?
For the uninformed such as myself, go ahead and perform a DuckDuckGo search and you’ll see that steganography “is the practice of concealing a file, message, image, or video within another file, message, image, or video.”
Image files are not immune to malware infections. PNG, JPEG, and other image file types can carry hidden files.
At the Geospatial Meetup last February, Tim Loomis, a Senior Systems Engineer at NOAA, first introduced me to the concept of hiding files within images. The sophistication of the technique and concept amazed me at the time. I wondered how you could see the hidden files and even detect hidden infected files.
Three months later, Computerphile’s YouTube channel explained the practice and detection methods.
Malware Infested Images are Not New
Average Internet users don’t necessarily pay attention to image sources, clicking on images, or downloading them to their PCs. Visuals dominate the social media and marketing world. Without good images and photographs, we are left to text, which is less appealing and not as trustworthy. Yet looks are deceiving.
How Can You Protect Yourself?
The author in the older PCWorld article suggests using antivirus software. It also makes sense to treat URLs and files available in email, search engines, and websites with caution. Google and other search engines may produce their best search results, but as you can see from past evidence, they cannot protect you from malware on external sites. Google Search provides image previews and source URLs. Sometimes even the best websites are fooled. The same goes for Twitter with the recent HAMMERTOSS incident.
When looking for images online, only download from trusted photography and image websites. I use Flickr’s Creative Commons section for all photos. If you like the image or photo, but don’t completely trust the source, use VirusTotal’s online scan. Not everyone is capable of using the same detection techniques described in Computerphile’s video. We must use the convenient and effective tools available.
Security Analysts Must Look for All Potential Vulnerabilities
Cyber security professionals must understand the varying attack types and avenues employed to distribute malware. This knowledge gives them an advantage when analyzing malware on infected systems to discover the root cause and to determine removal techniques, future protection techniques, and policies moving forward.
Whether you’re the average Internet user or IT professional, awareness of steganography is valuable.