Attackers are using legitimate image files to hide backdoors in order to maintain access to compromised servers, according to Web security firm Sucuri Security.

More than a dozen sites have been impacted by this known but not normally used method of attack, according to Daniel Cid, chief technology officer of Sucuri, who said his company continues to investigate the incidents.

A backdoor in a computer system is a means by which attackers can bypass normal security authentication and allow an attack to go unnoticed.



Cid said Sucuri discovered the suspect image files on previously compromised Web servers. The Web sites were running outdated versions of content management system platform WordPress or outdated versions of Joomla, another CMS platform.

He said the images they found still loaded and worked properly.

“On these compromised sites, the attackers modified legit, pre-existing images from the sites,” he said in his blog. “This is a curious steganographic way to hide the malware.”

Once the server is compromised, the attackers can modify the image’s EXIF headers and re-load the image. The image renders normally and most Web masters will not notice any changes.

Should the exploit be discovered and security tightened, the image gives the attackers an access point that they can use again later.
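Because the tampered images still render normally, site owners have to inspect the metadata itself. The scanner below is an added example, not code from Sucuri or from this article: it walks a JPEG's segments, pulls out the EXIF (APP1) data and flags PHP constructs that do not belong in image metadata. The token list and both sample images are assumptions constructed for illustration.

```python
import re
import struct

# Assumed heuristic: PHP constructs that have no place in camera metadata.
SUSPICIOUS = re.compile(
    rb"<\?php|\b(?:eval|assert|base64_decode|gzinflate|preg_replace)\b", re.I)

def exif_segments(data):
    """Yield the body of every APP1/Exif segment found before the image data."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte before a marker
            pos += 1
            continue
        if marker in (0xDA, 0xD9):    # start of scan / end of image
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2:                # malformed segment length
            break
        payload = data[pos + 4:pos + 2 + length]
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            yield payload[6:]
        pos += 2 + length

def scan_jpeg(data):
    """Return the sorted suspicious tokens present in the EXIF metadata."""
    hits = set()
    for body in exif_segments(data):
        hits.update(m.group(0).lower().decode()
                    for m in SUSPICIOUS.finditer(body))
    return sorted(hits)

def _sample_jpeg(exif_body):
    """Constructed test image: raw EXIF bytes, not a full TIFF directory."""
    payload = b"Exif\x00\x00" + exif_body
    app1 = b"\xff\xe1" + struct.pack(">H", len(payload) + 2) + payload
    return b"\xff\xd8" + app1 + b"\xff\xda\x00\x02\xff\xd9"

# Constructed samples: one ordinary header, one carrying code-like text.
CLEAN = _sample_jpeg(b"Canon\x00EOS 70D\x00")
TAMPERED = _sample_jpeg(b"Canon\x00eval(base64_decode('PLACEHOLDER'));\x00")

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(name, scan_jpeg(img))
```

A hit is a lead for manual review rather than proof of compromise; comparing image hashes against a known-good backup catches modifications this token list would miss.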


Jim Love, Chief Content Officer, IT World Canada
