POC ‘Stegobot’ Botnet Capable of Capturing Files through Facebook Photographs
Researchers from the Indraprastha Institute of Information Technology in New Delhi, India, and the University of Illinois at Urbana-Champaign created a botnet named Stegobot to demonstrate how easily hackers could use Facebook photographs to covertly spread large-scale Internet attacks. Msnbc.msn reported this on July 29, 2011.
Describing how Stegobot works, the researchers said that after gaining access to PCs through the usual means, namely redirects to malware-laden websites or infected attachments, Stegobot applies steganography, the technique of writing concealed messages, to hide data inside image files while leaving the image's appearance unaltered.
The researchers added that this means a Facebook member's photograph with friends, say, might actually disclose more than the member had intended.
If Stegobot gained control of it, a conventional image of 720x720 pixels could carry 50KB of data, which is plenty of space for concealing and transmitting payment card numbers or passwords that the proof-of-concept botnet might find on a Facebook member's hard drive.
Once this information has been embedded in a photograph that the Facebook member posts to the site, all that is needed is for a friend to view the member's profile. The friend does not even need to click the photo link, since Facebook cooperates by downloading the files without drawing attention. And if the botnet has also infected that friend through e-mail messages, any photograph the friend posts will likewise carry the captured data.
From there, the data travels onward until it reaches the account of someone who also knows the botmaster, letting the botmaster extract information about the member's identity. The botmaster can also issue instructions to the bot network in the reverse direction, by posting an image containing concealed commands that make their way to infected PCs.
Commenting on these findings, Shishir Nagaraja of the Indraprastha Institute, the leader of the project, said the network was frightening because it was practically undetectable. Newstrackindia.com published this on July 29, 2011.
» SPAMfighter News - 10-08-2011