What does your discovery mean for internet users?
It means that there are advertising banners with "poisoned pixels" leading to a
new exploit kit, intended to enable the bad guys to remotely install malware onto victims' computers. The victim doesn't even need to click on the malicious
ad content; all it takes is to visit a website displaying it. If the victim's computer runs a vulnerable version of Flash Player, the machine will be compromised via an exploited vulnerability automatically.
Where are the poisoned pixels in this?
Well, the name "Stegano" refers to steganography, which is a technique the bad guys used to hide parts of their malicious code in the pixels of the advertisements' banners. Specifically, they hide it in the parameters controlling the transparency of each pixel. This makes only minor changes to the (color) tone of the picture, making the changes effectively invisible to the naked eye and so unnoticed by the potential victim.
Always Mount a Scratch Monkey
Do you manage your own servers? If you are not running an IDS/IPS yer doin' it wrong...
... The pursuit of truth will set you free. Even if you never catch it.
* Origin: (1:3634/12.73)
From Chris Jones@1:135/371 to mark lewis on Wednesday, December 14, 2016 22:01:52
Re: more reasons to drop flash and block ads
By: mark lewis to all on Wed Dec 07 2016 09:46 am
This exploit also attempts to verify that it is not being run in a monitored environment such as a malware analyst's machine. If it does detect signs of monitoring it displays a clean banner image instead to avoid detection.