Steganalysis
Volume: 28 | Article ID: art00015
Malicons: Detecting Payload in Favicons
DOI: 10.2352/ISSN.2470-1173.2016.8.MWSF-079 | Published Online: February 2016
Abstract

A recent version of the "Vawtrak" malware used steganography to hide the addresses of the command and control channels in favicons: small images automatically downloaded by the web browser. Since almost all research in steganalysis focuses on natural images, we study how well these methods can detect secret messages in favicons. The study is performed on a large corpus of favicons downloaded from the internet and applies a number of state-of-the-art steganalysis techniques, as well as proposing very simple novel features that exploit flat areas in favicons. The ultimate question is whether we can detect Vawtrak's steganographic favicons with a sufficiently low false positive rate.

  Cite this article 

Tomáš Pevný, Martin Kopp, Jakub Křoustek, Andrew D. Ker, "Malicons: Detecting Payload in Favicons," in Proc. IS&T Int’l. Symp. on Electronic Imaging: Media Watermarking, Security, and Forensics, 2016, https://doi.org/10.2352/ISSN.2470-1173.2016.8.MWSF-079

  Copyright statement 
Copyright © Society for Imaging Science and Technology 2016
72010604
Electronic Imaging
2470-1173
Society for Imaging Science and Technology