Trojan that hides inside images infects healthcare organizations
By Lucian Constantin
IDG News Service | Jun 25, 2015 12:54 PM PT
More than 66 percent of the malware's victims were
A computer Trojan that hides its malicious code inside PNG image files counts healthcare organizations in the U.S. among its primary targets.
The Stegoloader Trojan uses digital steganography techniques to sneak past computer and network defenses. It originally appeared in 2012, but has seen a resurgence over the past several months.
According to a recent report from Dell SecureWorks, the Trojan is designed to steal files, information and passwords from infected systems, but has additional modules that extend its functionality.
During the Stegoloader infection process, a temporary deployment component downloads a PNG file from the Internet. This is a functional image file, but hidden inside, among its pixels, are small bits of encrypted code that get extracted and are used to reconstruct the Trojan's main module.
Neither the PNG image nor the Trojan's main module is ever saved to disk. Instead, the whole process happens in the computer's memory and the Trojan is loaded directly into memory as well.
The technique of using fileless components has increasingly been used by malware authors over the past couple of years, including by cyberespionage groups. It makes malware threats much harder to detect and investigate.
Using digital steganography to hide malicious code is not new either, but it's an increasingly used technique. The goal is to bypass network-level malware scanners that inspect content flowing in and out of the network.
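A content-level check that a scanner could run on decoded image samples, shown as an added example that is not from the article or the Dell SecureWorks report: a chi-square "pairs of values" test that looks for random-looking data in the least-significant bits. It assumes the hidden data sits in the LSBs of 8-bit samples (the article only says the code is hidden among the pixels) and that the pixels have already been decoded; the sample buffers, function names and threshold are constructed for illustration.

```python
import random

def pov_ratio(samples):
    """Chi-square pairs-of-values statistic divided by its degrees of freedom.

    Random-looking (e.g. encrypted) bits written into sample LSBs equalise the
    counts of each value pair (2k, 2k+1), pulling the ratio towards 1.
    Unmodified images with uneven histograms score far higher.
    """
    hist = [0] * 256
    for s in samples:
        hist[s] += 1
    chi2, dof = 0.0, 0
    for k in range(0, 256, 2):
        expected = (hist[k] + hist[k + 1]) / 2
        if expected < 5:          # too few samples for a meaningful term
            continue
        chi2 += ((hist[k] - expected) ** 2 + (hist[k + 1] - expected) ** 2) / expected
        dof += 1
    return chi2 / dof if dof else float("inf")

def lsb_looks_random(samples, threshold=2.0):
    """Flag a buffer for review; the threshold is an assumed triage value."""
    return pov_ratio(samples) < threshold

def constructed_cover(n=20000, seed=1):
    """Constructed 8-bit samples imitating a contrast-stretched image."""
    rng = random.Random(seed)
    return [rng.randrange(205) * 5 // 4 for _ in range(n)]

def constructed_embedded(samples, seed=2):
    """Constructed positive case: every LSB replaced by a pseudo-random bit."""
    rng = random.Random(seed)
    return [(s & 0xFE) | rng.getrandbits(1) for s in samples]

if __name__ == "__main__":
    cover = constructed_cover()
    for name, buf in (("cover", cover), ("embedded", constructed_embedded(cover))):
        print(f"{name}: ratio={pov_ratio(buf):.2f} flagged={lsb_looks_random(buf)}")
```

Noisy photographs can also score near 1, so a low ratio is a triage signal for closer inspection rather than a verdict.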
According to statistics from antivirus vendor Trend Micro, over the past three months Stegoloader infections were detected primarily inside organizations from the healthcare, financial, and manufacturing industries. Over 66 percent of the victims were from the U.S.