Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in you inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go

Malicious Codes Concealed in Digital Images: Shady RAT Attacks

Symantec researchers explored a massive cyber attack designed behind the "Operation Shady RAT", where hackers concealed harmful viruses behind digital images and HTML files, reported InformationWeek on August 12, 2011.

Operation Shady RAT can be defined as a massive advanced persistent threat (APT), a name it inhibited from a 5-year-long hack of 49 entities. During early August 2011, shady RAT competed with IT security provider McAfee.

Several government employers and businessmen throughout the world were enticed by operation Shady RAT and permitted this Trojan to connect to a remote IP address in spite of the earlier attacks due to their ignorance. The implementation of this operation paved the way for attackers to deploy harmful breaches into a number of organizations.

Initially, the ploy went unnoticed by the researchers as they could only see the URLs indicating an image and HTML files, which were sufficient to conceal the commands.

A lot of firewalls do not obstruct image and HTML files from passing through the HTTP traffic. Without in-depth inspection, these images and HTML files looks completely legit and do not pose any risks.

Attackers deployed steganography, which is a technique used for concealing malicious code or hidden data in the image files. While investigating on the Operation Shady RAT, Symantec researchers explored rigged images ranging from an image of a pastoral waterside scene to an image of a woman in a hat concealing commands indicating the infected machines to contact the command-and-control server.

By the versions of the Trojans downloading the HTML files, the commands are concealed in the HTML comments that though looks redundant are in reality encrypted commands that can be further converted into base-64 encoding.

However, Hon Lau, a Researcher at Symantec disagreed towards considering Shady RAT as an APT due to the errors committed during the configuration of the servers and the non-sophisticated malware and techniques used in this case, as per the news published in the GOV INFO SECURITY on August 12, 2011.

Thus, security experts though did not confirm Shady RAT as an APT, rightly reminded steganography hackers while describing Shady RAT as this technique often duped ignorant people into using them unconsciously and ending up in harming their systems.

Related article: Malicious Scripts with Zero-byte Padding can Pass Undetected

ยป SPAMfighter News - 25-08-2011

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next