Imagine someone stealing information from your computer while you are uploading an image on Facebook. An unbelievable and scary thought isn’t it? It’s terrifying but with the latest computing hacking techniques, it’s quite possible. Researchers at the University of Illinois at Urbana-Champaign and the Indraprastha Institute of Information Technology in New Delhi, India have come up with “Stegobot”, a new generation botnet, which attaches itself to Facebook profiles and gains access to the user’s confidential data such as e-mail passwords while uploading Facebook pictures. Researchers said that Stegobot was developed to show how easy it could be for a hacker to exploit Facebook photos upload feature to sneak into the user’s computer.
Stegobot initially gains access to computers through the usual channels such as infected attachments or directs to malware-laden content. After gaining access, Stegobot applies a technique called “steganography” to conceal data in the image files without affecting the picture’s appearance, explains NewScientist.
The botnet incorporates the information into any image you are uploading on Facebook. And then it waits for one of your friends to see your profile. Stegobot can then infect your computer even if your friend has not clicked on the corrupted image. In case your friend is also infected with the botnet, then any photo they upload will also pass on the stolen data. And the relaying of the data can eventually land into the hands of a botmaster, who will be then able to access your identity.
“If one of your friends is a friend of a friend of the botmaster, the information transfers hop by hop within the social network, finally reaching the botmasters,” New Scientist quoted Amir Houmansadr, a computer scientist at the University of Illinois who worked on the botnet.
The research related to Stegobot is quite significant as this threat is virtually undetectable. Of late we have seen a spate of cyber attacks across the world. Whether it has been a government website or the IMF network, everything online seems vulnerable. Techniques such as Stegobot have only strengthened the contemporary need for more secure and foolproof methods to safeguard online identity.