Background/Objectives: Steganography is a technique that hides the secret information in an image and makes it imperceptible. The purpose of steganography is not only to keep others from knowing the hidden information but also to keep others from thinking that the information even exists. Hence the attacker takes this opportunity to hide the exploit code in the image and perform the desired attacks on a system. This is based on a tool named Stegosploit. It also explores the aberrance of images when these images are encoded with JavaScript code and analyzes the impact of this technique. It also provides the proposition of mitigation method for this attack. Methods/Statistical Analysis: In this attack, a malicious code is encoded in the image and when an image is downloaded, the malicious code is executed which performs the intended attack. Since the consequences of the attack depend on the malicious code, there is no predefined signature or behaviour of the attack. Therefore, it is difficult to identify this attack. This paper makes use of steganography as a tool for hiding the JavaScript code which exploits a system by deleting a file, starting a key logger in the background, stealing the sensitive information, damaging the resources of the system etc. Findings: It is observed that a potentially harmful code can be easily hidden in an image but few restrictions can be observed. Sometimes the encoding process is not proper which can lead to loss of code. Moreover, the difference in weighted average of pixels can act as a good mechanism to detect the presence of such an attack at end user system. Applications/Improvement: It helps the users especially students about the new technology that can endangered the privacy as well as their important data. Moreover, it depicts how modern day technology can be used by terrorists for secretly broadcasting messages. This raises a flag for security agencies to stay ahead in the game.
展开▼
