Attacker are using legitimate image files to hide backdoors in order to maintain access to compromised servers, according to Web security firm Securi Security.
More than a dozen sites have been impacted by this known but not normally used method of attack, according to Daniel Cid, chief technology officer of Securi, who said his company continues the investigate the incidents.
A backdoor in a computer system is a means by which attackers can bypass normal security authentication and allow an attack to go unnoticed.
Cid said Securi discovered the suspect image files on a previously Webservers. The Web sites were running outdated versions of content management system platform WordPress or outdated versions of Joomla, another CMS platform.
He said the images they found still loaded and worked properly.
“On this compromised sites, the attackers modified legit, pre-existing images from the sites,” he said in his blog. “This is a curious steganographic way to hide the malware.”
Once the server is compromised, the attackers can modify the image’s EXIF headers and re-load the image. The image renders normally and most Web masters will not notice any changes.
Should the exploit be discovered and security is tightened the image gives the attackers an access point which they can later on use again.
Understanding how IBM Spectrum Protect enables hybrid data protection
Abdicating your company’s data protection responsibilities to the first cloud solution provider you encounter is just as unwise as doing nothing at all to leverage the cloud. On the other hand, it can be a wise decision to investigate what results you might achieve by choosing a backup technology that is capable of supporting a hybrid protection approach capable of covering both on-premises technology and offsite cloud capabilities.