Beware of uploading your pictures on Facebook -- as an Indian origin computer scientist has warned that by doing this you could be helping someone to steal information from your computer.
The scientist created a botnet called Stegobot to show how easy it would be for a crook to hijack Facebook photos to create a secret communication channel that is very difficult to detect.
Like most botnets, Stegobot gains control of computers by tricking users into opening infected email attachments or visiting suspect websites. But rather than contacting the botmasters directly, it piggybacks on the infected user's normal social network activity.
"If one of your friends is a friend of a friend of the botmaster, the information transfers hop by hop within the social network, finally reaching the botmasters," New Scientist quoted Amir Houmansadr, a computer scientist at the University of Illinois at Urbana-Champaign who worked on the botnet, as saying.
Stegobot takes advantage of a technique called steganography to hide information in picture files without changing their appearance.
The botnet inserts this information into any photo you upload to Facebook, and then waits for one of your friends to look at your profile. They don't even have to click on the photo, as Facebook helpfully downloads files in the background. If your friend is also infected with the botnet than any photo they upload will also pass on the stolen data.
From there, the data will eventually make its way to the account of someone who is also friends with the botmaster, allowing them to extract details on your identity. The botmasters can also send commands to the botnet through the reverse process - uploading a photo with hidden instructions that make their way to infected computers.
"It's scary because it's virtually undetectable," said Shishir Nagaraja of the Indraprastha Institute of Information Technology, New Delhi, India, who led the project.
The scientist created a botnet called Stegobot to show how easy it would be for a crook to hijack Facebook photos to create a secret communication channel that is very difficult to detect.
Like most botnets, Stegobot gains control of computers by tricking users into opening infected email attachments or visiting suspect websites. But rather than contacting the botmasters directly, it piggybacks on the infected user's normal social network activity.
"If one of your friends is a friend of a friend of the botmaster, the information transfers hop by hop within the social network, finally reaching the botmasters," New Scientist quoted Amir Houmansadr, a computer scientist at the University of Illinois at Urbana-Champaign who worked on the botnet, as saying.
Stegobot takes advantage of a technique called steganography to hide information in picture files without changing their appearance.
The botnet inserts this information into any photo you upload to Facebook, and then waits for one of your friends to look at your profile. They don't even have to click on the photo, as Facebook helpfully downloads files in the background. If your friend is also infected with the botnet than any photo they upload will also pass on the stolen data.
From there, the data will eventually make its way to the account of someone who is also friends with the botmaster, allowing them to extract details on your identity. The botmasters can also send commands to the botnet through the reverse process - uploading a photo with hidden instructions that make their way to infected computers.
"It's scary because it's virtually undetectable," said Shishir Nagaraja of the Indraprastha Institute of Information Technology, New Delhi, India, who led the project.
0 comments:
Post a Comment