Back to articles
Volume: 28 | Article ID: art00015
Malicons: Detecting Payload in Favicons
  DOI :  10.2352/ISSN.2470-1173.2016.8.MWSF-079  Published OnlineFebruary 2016

A recent version of the "Vawtrak" malware used steganography to hide the addresses of the command and control channels in favicons: small images automatically downloaded by the web browser. Since almost all research in steganalysis focuses on natural images, we study how well these methods can detect secret messages in favicons. The study is performed on a large corpus of favicons downloaded from the internet and applies a number of state-of-art steganalysis techniques, as well as proposing very simple novel features that exploit flat areas in favicons. The ultimate question is whether we can detect Vawtrak's steganographic favicons with a sufficiently low false positive rate.

Subject Areas :
Views 44
Downloads 2
 articleview.views 44
 articleview.downloads 2
  Cite this article 

Tomáš Pevný, Martin Kopp, Jakub Křoustek, Andrew D. Ker, "Malicons: Detecting Payload in Faviconsin Proc. IS&T Int’l. Symp. on Electronic Imaging: Media Watermarking, Security, and Forensics,  2016,

 Copy citation
  Copyright statement 
Copyright © Society for Imaging Science and Technology 2016
Electronic Imaging
Society for Imaging Science and Technology