How to write the first few weeks of continued use of the word Trojan
A cute looks perfectly normal cat or beautiful pictures, you can put malicious code hidden in the picture pixels. When you click on this picture, the computer will move.
Indian security researcher Samir Shah put this method to hide malicious programs he found called "stegosploit", just look at being treated this way image file, you will be hacked. Shah hacker conference last Thursday in Amsterdam, Netherlands (HITB) explained on this hacking techniques.
"Malware is an art."
In general, the malware tend to office documents such as PDF, Word, etc. entrained to form a spread as a mail attachment. But Shah used a "secret writing" (Steganography) technology, the information hidden in the picture, the naked eye can not recognize. (In fact, safety cows reported last year had similar technology. Read related article)
Steganography is often used by terrorists to the photographs and video file transfer secret information, the US government agents forced to watch a lot of porn pictures and videos to the desired able to find secret information. Shah put this concept to use the hacker technology. He Code "written" into the pixels of the image, and then reduced by the HTML5 Canvas element may submit dynamic script. Shah This procedure was referred to as "secret sauce."
"I do not need to create a site, do not even need to register domain names. I just put a picture uploaded to the Internet, and then tell you the address. When you look at this picture in the browser, malicious programs will be triggered."
Malicious code is a mixed picture of the code and Java script, Shah called "IMAJS", can hide image files into JPG or PNG format. Unless the viewer to enlarge the picture carefully, or not now this is not a "problem" picture.
This image can hack your computer
The first video below, Shah demonstrated step by step how to malicious code written into the picture:
The first video address of the
second video, showing how the malware works. It requires the user to view the images in the browser, or click on the picture:
The second video address
picture is clicked once, CPU usage will rise to 100%, meaning that a malicious program is running. It can send data on the victim computer to the attacker, but also to create a text file on a victim's computer, which read, "You're black!."
The image file can no longer be "trust", click on it next time, think twice.
Malicious programs can also be designed more features, such as downloading and installing spyware. Shah said he spent almost five years of spare time to study the technology. At present he has not tested the technology on site to share in the picture, but he acknowledged that this approach does not in any case apply.
Shah noted :( address technical papers)