The Latest in IT Security

How hackers hijack your Facebook photos?

03
Aug
2011

THINK twice before uploading your holiday pictures to Facebook – you could be helping someone to steal information from your computer. A botnet called Stegobot was created by an Indian origin scientist to show how easy it would be for a bad guy to hijack Facebook photos to create a secret communication channel that is very difficult to detect.

Like most botnets, Stegobot gains control of computers by tricking users into opening infected email attachments or visiting suspect websites.

But rather than contacting the botmasters directly, it piggybacks on the infected user’s normal social network activity. “If one of your friends is a friend of a friend of the botmaster, the information transfers hop by hop within the social network,finally reaching the botmasters”.

Stegobot takes advantage of a technique called steganography to hide information in picture files without changing their appearance. It is possible to store around 50 kilobytes of data in a 720 by 720 pixel image – enough to transmit any passwords or credit card numbers that Stegobot might find on your hard drive.

The botnet inserts this information into any photo you upload to Facebook, and then waits for one of your friends to look at your profile. They don’t even have to click on the photo, as Facebook helpfully downloads files in the background. If your friend is also infected with the botnet – quite likely, since any email you send them will pass it on – any photo they upload will also pass on the stolen data.

From there, the data will eventually make its way to the account of someone who is also friends with the botmaster, allowing them to extract details on your identity. The botmasters can also send commands to the botnet through the reverse process – uploading a photo with hidden instructions that make their way to infected computers.

Thankfully, Stegobot only exists in a lab. For now.

Leave a reply


Categories

FRIDAY, MARCH 29, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments