Steganography: a new technique of hiding Malware.

Author: Hay, Andrew
Position: DATABASE AND NETWORK INTELLIGENCE: SECURITY PAPER
 
Steganography--a brief history

Steganography is the process of hiding a message within another message, to convey a secret message that others are not meant to view. During World War II, the French Resistance sent messages written on the backs of couriers in invisible ink. In ancient Greece, people wrote messages on wood and covered it with wax that bore an innocent covering message. That's steganography.

The technique has a long and colourful history. While you might not have known its name, it has been used for centuries in a variety of low-tech ways. Commonly a plot device in mystery shows, a message is written in invisible ink on the back of a real letter. When the intended recipient gets the letter, they gently heat it up, revealing the message. Anyone else who has the letter is generally unaware there's a hidden message on the back.

While this basic premise is fairly common, we've recently seen a resurgence in the use of steganography among a new audience--malware authors. Hiding data in an unexpected location can fool security researchers into overlooking an innocuous channel, protocol or container where data exchange is not expected. This makes it an extremely powerful tool for attackers, and threats using this technique are among some of the most dangerous we're facing today.

The System

Before we dive into how malware authors are leveraging this technique, let's take a deeper look at the advantages and disadvantages of steganography.

The system relies on a shared secret with two pieces of information: that the message exists and how to reveal the message.

Suppose I want to communicate with you, the reader, in secret after our initial meeting. We decide on a method of hiding messages to each other: we're going to use the first letter of each word in a paragraph.

Howard called Edward after school.

Edward, expecting the call, answered on the second ring.

Laughing at a shared joke, they quickly started to discuss their science fair project.

Last year, Julie won the fair with a twist on the classic baking soda volcano.

Once they discussed why her presentation was so effective, they started to figure out how to win the top prize.

Besides being an utterly horrid piece of writing (yes, it's original), this paragraph serves our purpose well. Hidden in the completely mundane writing is our message. By taking the first letter of each word, we recreate the message, "H E L L O".

Since we knew how the message was concealed, it was easy to reveal.

This also highlights steganography's biggest weakness: if you know of the existence of the message you can easily intercept it. The strength of the system is in how much noise is around the actual message and how well the message is hidden within that noise.
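The sketch below is an added example, not code from the original article: it runs three candidate extraction rules over the article's five cover sentences to show that only the agreed rule surfaces the message, while the wrong rules return noise. It assumes the message is read from the first letter of each sentence, which is the reading that yields HELLO; the function names and the wordlist are constructed for illustration.

```python
import re

# The article's five cover sentences, reproduced here as sample input.
COVER_TEXT = (
    "Howard called Edward after school. "
    "Edward, expecting the call, answered on the second ring. "
    "Laughing at a shared joke, they quickly started to discuss their science fair project. "
    "Last year, Julie won the fair with a twist on the classic baking soda volcano. "
    "Once they discussed why her presentation was so effective, "
    "they started to figure out how to win the top prize."
)

# Constructed wordlist standing in for whatever an analyst would search for.
WORDLIST = ("HELLO", "HELP", "SEND")

def sentences(text):
    """Split plain prose on ., ! or ? followed by whitespace."""
    return [s for s in re.split(r"(?<=[.!?])\s+", text.strip()) if s]

def words(text):
    """Alphabetic tokens only; punctuation is dropped."""
    return re.findall(r"[A-Za-z]+", text)

def sentence_initials(text):
    """First letter of each sentence: the reading that reveals HELLO."""
    return "".join(words(s)[0][0].upper() for s in sentences(text) if words(s))

def word_initials(text):
    """First letter of every word: mostly noise for this cover text."""
    return "".join(w[0].upper() for w in words(text))

def last_word_initials(text):
    """First letter of the last word of each sentence: another wrong guess."""
    return "".join(words(s)[-1][0].upper() for s in sentences(text) if words(s))

RULES = (sentence_initials, word_initials, last_word_initials)

def find_hidden_words(text, wordlist=WORDLIST):
    """Try every rule and report (rule name, word) for each wordlist hit."""
    hits = []
    for rule in RULES:
        extracted = rule(text)
        hits += [(rule.__name__, w) for w in wordlist if w in extracted]
    return hits

if __name__ == "__main__":
    for rule in RULES:
        print(f"{rule.__name__:20} {rule(COVER_TEXT)}")
    print(find_hidden_words(COVER_TEXT))
```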

What About Encryption?

This differs from encryption. In a...
