Hacking someones computer with just an image.
This week the hacker news brought to light how simple is it to use an image to compromise someone’s computer. Dubbed Stegano, it is derived from the word Steganography, which is a technique of hiding messages and content inside a digital graphic image, making the content impossible to spot with the naked eye.
Video on Steganography:
Stegano takes effect once a user visits a site hosting malicious advertisement, the malicious script is embedded in the ad which then compromises information about the victim's computer and then sends the information to the attacker's remote server without any user interaction. The malicious code inserted then uses the CVE-2016-0162 vulnerability in Microsoft's Internet Explorer (IE) browser in order to scan the target computer to see if it is running on a malware analyst's machine. After verifying the targeted browser, the malicious script redirects the browser to a website that hosts Flash Player exploits for three now-patched Adobe Flash vulnerabilities: CVE-2015-8651, CVE-2016-1019, and CVE-2016-4117. Thus, with the vulnerable Adobe Flash installed the hacker can now exploit these vulnerabilities and use that to gain root access to the victim’s computer. With root access the hacker can access any files on the victim’s computer and use it as a bot in an DDOS attack.
Stegano-Attack Diagram:
(Tuesday, December 06, 2016)
