
[SND]'Stegobot' Steals Passwords, Credit Card Data from Facebook Pics

post #1 of 13
Thread Starter 
Quote:
Take a look at your Facebook photo. Seems innocent enough, right? Well, what if behind the photo, hidden in kilobytes of data and totally invisible, was a list of all your passwords and even your credit card number?
It's terrifying — and as with most advanced computer hacking techniques, it's entirely possible.
http://www.securitynewsdaily.com/ste...ook-pics-1009/
    
post #2 of 13
This sounds sensationalized. Being able to 'hide' stuff in pictures is super old news; it's just a simple cmd line hack. This only happens "After gaining access to computers through the usual channels — infected attachments or redirects to malware-laden websites"

So the picture had nothing to do with the hacking. The guy could easily send himself the data, but he decides to put it in a picture?

And this I'm highly sceptical of:
"After the botnet hides your personal information in a photo and a friend views your Facebook page, their computer becomes infected. They don’t even have to click on the corrupted photo for Stegobot to go to work."

I'll have to see that in action before I believe it...
Edited by .:hybrid:. - 8/1/11 at 2:51pm
post #3 of 13
A bot that gets on a system then logs passwords and puts them into a pic with steganography isn't particularly special. You still need to get infected with it somehow.

This needs explanation though:

Quote:
As if the prospect of a computer harvesting your private financial data through your Facebook pictures wasn't scary enough, Stegobot can lurk in the shadows of your pictures and covertly infect all your Facebook friends.

After the botnet hides your personal information in a photo and a friend views your Facebook page, their computer becomes infected. They don’t even have to click on the corrupted photo for Stegobot to go to work.
What vuln are they exploiting to have a simple image load in a browser root the system? MS had an old one but it was patched long ago. Running the browser sandboxed or in a VM would beat it either way, jailing it at least.
post #4 of 13
Yeah, BS. These "news" sources always just try to make up stuff to scare us.
I've got a dedicated PC for a firewall.
post #5 of 13
Thread Starter 
Keep in mind that a lot of people on this site aren't the "average" user. A lot of users don't jump through the hoops we do for security. It's still good to have this kind of news regardless of how likely you are to be taken by it. To quote an old cartoon, knowing is half the battle. If people don't know that this stuff is happening then they won't learn how to prevent it.
    
post #6 of 13
Quote:
Originally Posted by Trippen Out View Post
Keep in mind that a lot of people on this site aren't the "average" user. A lot of users don't jump through the hoops we do for security. It's still good to have this kind of news regardless of how likely you are to be taken by it. To quote an old cartoon, knowing is half the battle. If people don't know that this stuff is happening then they won't learn how to prevent it.
A lot of people on this site think they know more than they really do.

Which make easy targets.
post #7 of 13
As has already been mentioned, why wouldn't the hacker just send themselves your data once they found it, rather than login to your facebook and change your picture?

Either I'm missing something, or this is just plain stupid.
post #8 of 13
Thread Starter 
Quote:
Originally Posted by lordikon View Post
As has already been mentioned, why wouldn't the hacker just send themselves your data once they found it, rather than login to your facebook and change your picture?

Either I'm missing something, or this is just plain stupid.
I think it's more like they don't need to log into your Facebook but instead simply view the picture. This makes it a rather interesting method of delivery and harder to detect.

If it simply broadcasted that information back to a certain location, that data can be traced and/or stopped. However, if you are able to scour Facebook for pictures that contain his information and retrieve it at will, then that sounds like a way that could be much harder to trace back to its source.

At least that's how I view it. But I'm not an expert, I'm just a stoner with an open imagination.
    
post #9 of 13
Quote:
Originally Posted by Trippen Out View Post
I think it's more like they don't need to log into your Facebook but instead simply view the picture. This makes it a rather interesting method of delivery and harder to detect.

If it simply broadcasted that information back to a certain location, that data can be traced and/or stopped. However, if you are able to scour Facebook for pictures that contain his information and retrieve it at will, then that sounds like a way that could be much harder to trace back to its source.

At least that's how I view it. But I'm not an expert, I'm just a stoner with an open imagination.
You're absolutely right, but how would someone go about identifying the pictures with a steganographic message hidden in them? There are billions of photos on Facebook (I assume). If there are no visual signs, how would someone find a photo without downloading it and inspecting it for steganography?

Also, I was under the impression photos were subject to facebook privacy settings, in that only certain people can see certain photos?
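
What "inspecting it for steganography" can look like in practice, as an added example that is not part of the thread: the pairs-of-values chi-square test (Westfeld and Pfitzmann) applied to 8-bit pixel values. It assumes simple least-significant-bit replacement, which the thread does not specify for Stegobot; the function names and the synthetic pixel data are constructed for the illustration.

```python
import math
import random
from collections import Counter


def pov_chi_square(pixels):
    """Pairs-of-values statistic over 8-bit samples: returns (chi2, dof)."""
    hist = Counter(pixels)
    chi2, pairs = 0.0, 0
    for even in range(0, 256, 2):
        n_even, n_odd = hist[even], hist[even + 1]
        expected = (n_even + n_odd) / 2  # LSB replacement evens out each pair
        if expected == 0:
            continue  # this value pair does not occur in the image
        chi2 += (n_even - expected) ** 2 / expected
        pairs += 1
    return chi2, max(pairs - 1, 1)


def embedding_probability(pixels):
    """p-value near 1: pairs suspiciously even. Near 0: natural-looking."""
    chi2, dof = pov_chi_square(pixels)
    # Wilson-Hilferty normal approximation to the chi-square upper tail,
    # used here so the example needs only the standard library.
    spread = 2 / (9 * dof)
    z = ((chi2 / dof) ** (1 / 3) - (1 - spread)) / math.sqrt(spread)
    return 0.5 * math.erfc(z / math.sqrt(2))


def constructed_cover(n=20000, seed=1):
    """Constructed sample: pixel values drawn from a jagged histogram."""
    rng = random.Random(seed)
    weights = [rng.uniform(0.2, 1.0) for _ in range(256)]
    return rng.choices(range(256), weights=weights, k=n)


def simulate_lsb_replacement(pixels, seed=2):
    """Overwrite every LSB with a random bit, as encrypted data would."""
    rng = random.Random(seed)
    return [(p & ~1) | rng.getrandbits(1) for p in pixels]


if __name__ == "__main__":
    cover = constructed_cover()
    stego = simulate_lsb_replacement(cover)
    print("clean  p = %.4f" % embedding_probability(cover))
    print("filled p = %.4f" % embedding_probability(stego))
```

The test still requires downloading and decoding every candidate image, and it only covers this one embedding method.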
post #10 of 13
GI-Joe So much win hahahaha