Browse Definitions :
Definition

Stegano

Contributor(s): Ivy Wigmore

Stegano is a malware toolkit that allows users to hide malicious code in images. The kit’s name comes from steganography, which is a method of encoding secret data within a file for subsequent decoding.

In late 2016, Stegano was used in a malvertisement campaign that placed malicious code in PNG images in banner ads on prominent websites. The perpetrators hid their scripts within the code for transparency parameters in some pixels within images. The appearance of the images were altered slightly but not to the extent that the difference would be noted by a casual viewer. The attackers then used the image in an ad and bought display spots on popular websites. ESET, the IT security company that reported the exploit,  has not disclosed the names of the websites affected, since the sites themselves were not at fault.

Depending on undisclosed user profile variables, site visitors were either served a clean ad or a malicious one that enabled remote installation of malware on the users’ computers. The attack targeted users of Internet Explorer and exploited vulnerabilities in some versions of Flash Player. Malware installation was automatic and did not require that the user click the ad. Researchers reported that there were two ads in the campaign, one purportedly for privacy software called “Browser Defence” and one for an image-capturing product called “Broxu.”

According to ESET the malicious ads had installed various malware to the computers of over a million users within  the preceding two months.  Robert Lipovsky, a senior malware researcher with the company, said that figure was a conservative estimate.

This was last updated in December 2016

Continue Reading About Stegano

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

Extensions de fichiers et formats de fichiers

Motorisé par:

SearchCompliance

  • compliance audit

    A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines.

  • regulatory compliance

    Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business...

  • Whistleblower Protection Act

    The Whistleblower Protection Act of 1989 is a law that protects federal government employees in the United States from ...

SearchSecurity

  • data breach

    A data breach is a confirmed incident in which sensitive, confidential or otherwise protected data has been accessed and/or ...

  • zero-day (computer)

    A zero-day vulnerability, also known as a computer zero day, is a flaw in software, hardware or firmware that is unknown to the ...

  • Cybercrime

    Cybercrime is any criminal activity that involves a computer, networked device or a network.

SearchHealthIT

SearchDisasterRecovery

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

  • business continuity software

    Business continuity software is an application or suite designed to make business continuity planning/business continuity ...

  • business continuity policy

    Business continuity policy is the set of standards and guidelines an organization enforces to ensure resilience and proper risk ...

SearchStorage

  • business impact analysis (BIA)

    Business impact analysis (BIA) is a systematic process to determine and evaluate the potential effects of an interruption to ...

  • RAID (redundant array of independent disks)

    RAID (redundant array of independent disks) is a way of storing the same data in different places on multiple hard disks to ...

  • dedicated cloud

    A dedicated cloud is a single-tenant cloud infrastructure, which essentially acts as an isolated, single-tenant public cloud.

Close