Thursday, March 26, 2015

Tor-fuelled Trojan gets stealthy with steganography

Senior AVG developer Jakub Kroustek found that this constantly evolving piece of financial malware, which uses fairly typical API hooking and injection techniques to steal login credentials, financial data and private keys and ultimately to execute transactions from compromised accounts, is anything but typical on closer examination. In a white paper that goes into some depth on the technologies implemented by Vawtrak, Kroustek shows this variant has been using steganography to hide update files in tiny 4Kb encrypted favicon graphics, which are in turn distributed over the Tor network via a proxy. This use of steganography, where data is hidden in the least significant bits (LSBs) of an image's pixel values so that the picture looks unchanged and the payload goes undetected, has allowed Vawtrak to embed command and control server URLs.
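To make the LSB technique concrete from the analyst's side, here is an added example (not code from AVG or the white paper) that hides a placeholder URL in the least significant bits of a constructed pixel buffer, dumps the LSB plane back out, and scores it for runs of printable ASCII, the quick check that flags a string-carrying favicon. It assumes the icon's pixel samples have already been decoded into a flat byte array.

```python
"""LSB steganography triage on a raw pixel buffer (added example, not the
AVG white paper's code). The carrier is a flat byte array standing in for
decoded favicon samples; ICO/PNG decoding is assumed to have happened already."""
import random

PRINTABLE = frozenset(range(0x20, 0x7F))  # printable ASCII, space through '~'

def embed_lsb(pixels: bytes, payload: bytes) -> bytes:
    """Overwrite each sample's least significant bit with the next bit of a
    2-byte length prefix plus payload (MSB first); the image looks unchanged."""
    data = len(payload).to_bytes(2, "big") + payload
    bits = [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]
    if len(bits) > len(pixels):
        raise ValueError("payload does not fit in carrier")
    out = bytearray(pixels)
    for pos, bit in enumerate(bits):
        out[pos] = (out[pos] & 0xFE) | bit
    return bytes(out)

def lsb_plane(pixels: bytes) -> bytes:
    """Pack every sample's LSB into bytes: the first thing an analyst dumps."""
    plane = bytearray()
    for i in range(0, len(pixels) - 7, 8):
        value = 0
        for sample in pixels[i:i + 8]:
            value = (value << 1) | (sample & 1)
        plane.append(value)
    return bytes(plane)

def extract_lsb(pixels: bytes) -> bytes:
    """Reverse embed_lsb: read the length prefix, then that many bytes."""
    plane = lsb_plane(pixels)
    return plane[2:2 + int.from_bytes(plane[:2], "big")]

def max_printable_window(pixels: bytes, window: int = 32) -> float:
    """Highest fraction of printable ASCII in any window of the LSB plane.
    Noisy pixels give ~0.37 per byte (95/256); an embedded URL gives 1.0."""
    plane = lsb_plane(pixels)
    scores = [sum(b in PRINTABLE for b in plane[s:s + window]) / window
              for s in range(len(plane) - window + 1)]
    return max(scores, default=0.0)

# Constructed carrier: 1600 pseudo-random samples (a 20x20 RGBA icon).
random.seed(7)
CLEAN = bytes(random.getrandbits(8) for _ in range(1600))
PAYLOAD = b"http://example.invalid/update.bin"  # placeholder, not a real C2 URL
STEGO = embed_lsb(CLEAN, PAYLOAD)
```

The printable-window score is a cheap first filter only; a real icon's LSB plane is not uniformly random, so compare a suspect favicon against a known-good copy of the same icon where one exists.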

Vulnerability report reveals Microsoft isn't the bad guy after all

It's that time of year again, and the latest Secunia Vulnerability Review has been published. It analysed anonymised data gathered throughout 2014 from scans of millions of computers with Secunia Personal Software Inspector (PSI) installed, and revealed some interesting statistics. On average, the computers used by the people running PSI had 76 programs installed on them, and these vary from country to country. Secunia focussed its attention on what it calls "a representative portfolio of the 50 most common applications", which comprised 34 Microsoft and 16 non-Microsoft ones. So what did the analysis discover? You might be surprised if you tend to think of Microsoft as being the bad guy when it comes to vulnerable products.