Thread: Cloak.exe

  1. #1
    Senior Member
    Join Date
    Oct 2001
    Posts
    689

    Cloak.exe

    I downloaded this encryption program that hides files or even executable programs in a bitmap image. I was wondering if anyone else had used it and what they thought. I was also wondering if the same technology could be used to hide a malicious trojan inside a seemingly harmless bitmap image. I certainly hope it isn't possible, because I could see going to an infected website that releases a trojan into your system just by downloading their web page.
    Wine maketh merry: but money answereth all things.
    --Ecclesiastes 10:19

  2. #2

    Re: Cloak.exe

    Originally posted by ThePreacher
    I downloaded this encryption program that hides files or even executable programs in a bitmap image. I was wondering if anyone else had used it and what they thought. I was also wondering if the same technology could be used to hide a malicious trojan inside a seemingly harmless bitmap image. I certainly hope it isn't possible, because I could see going to an infected website that releases a trojan into your system just by downloading their web page.
    When it is encoded in a bitmap the data is not "Executed" when viewed with a graphic viewer.. more or less the data is skipped over. But when using the program to extract the data then it could be executed by the user.. but hey. how often would u see a 50 x 50 pixel bitmap that is over five megs? hahaha So mainly text files could be stored in bmps.

    This is OLD technology.
    ------------EViLSEED
    Hackers are impervious. Resistant is futile.
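
    The size mismatch mentioned in the post above (a tiny bitmap with a very large file size) can be checked mechanically. This is an added example, not part of the original thread and not how Cloak.exe itself works; `make_bmp` and `audit_bmp` are hypothetical names, the sample images are constructed in memory, and only uncompressed BMPs with a 40-byte BITMAPINFOHEADER are handled.

```python
import struct

BI_RGB = 0  # biCompression value for uncompressed pixel data


def make_bmp(width, height, bpp=24, trailing=b""):
    """Build a constructed, minimal uncompressed BMP; `trailing` is appended."""
    row = ((bpp * width + 31) // 32) * 4          # rows are padded to 4 bytes
    pixels = bytes(row * height)
    off_bits = 14 + 40                            # file header + info header
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, bpp,
                       BI_RGB, len(pixels), 2835, 2835, 0, 0)
    file_hdr = struct.pack("<2sIHHI", b"BM", off_bits + len(pixels),
                           0, 0, off_bits)
    return file_hdr + info + pixels + trailing


def audit_bmp(data):
    """Compare the size implied by the header with the real size."""
    if len(data) < 54 or data[:2] != b"BM":
        raise ValueError("not a BMP with a BITMAPINFOHEADER")
    _, bf_size, _, _, off_bits = struct.unpack_from("<2sIHHI", data, 0)
    hdr_size, width, height, _, bpp, compression = struct.unpack_from(
        "<IiiHHI", data, 14)
    if hdr_size < 40 or compression != BI_RGB:
        raise ValueError("only uncompressed BITMAPINFOHEADER images handled")
    row = ((bpp * width + 31) // 32) * 4
    expected = off_bits + row * abs(height)       # height may be negative
    trailing = len(data) - expected
    return {
        "dimensions": (width, abs(height)),
        "expected_size": expected,
        "actual_size": len(data),
        "trailing_bytes": trailing,               # > 0: data after the pixels
        "header_size_mismatch": bf_size != len(data),
        "suspicious": trailing > 0 or bf_size != len(data),
    }


if __name__ == "__main__":
    clean = make_bmp(50, 50)
    padded = make_bmp(50, 50, trailing=b"\x00" * 1000)  # constructed sample
    for name, img in (("clean", clean), ("padded", padded)):
        print(name, audit_bmp(img))
```

    This only catches data that changes the file size. A payload written into the low-order bits of the pixels leaves the size untouched and needs statistical analysis instead.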


  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    185

    Re: evil cloak.exe

    Yep, I ran across a page in German that gives a pretty detailed how-to on doing just that. If it becomes a popular script kiddie thing it could lead to some major suckage for all involved in cleaning up the mess.
    Know this..., you may not by thyself in pride claim the Mantle of Wizardry; that way lies only Bogosity without End.

    Rather must you Become, and Become, and Become, until Hackers respect thy Power, and other Wizards hail thee as a Brother or Sister in Wisdom, and you wake up and realize that the Mantle hath lain unknown upon thy Shoulders since you knew not when.


  4. #4
    Old-Fogey:Addicts founder Terr's Avatar
    Join Date
    Aug 2001
    Location
    Seattle, WA
    Posts
    2,007

    Re: Re: evil cloak.exe

    Originally posted by ThePreacher
    I downloaded this encryption program that hides files or even executable programs in a bitmap image. I was wondering if anyone else had used it and what they thought. I was also wondering if the same technology could be used to hide a malicious trojan inside a seemingly harmless bitmap image. I certainly hope it isn't possible, because I could see going to an infected website that releases a trojan into your system just by downloading their web page.
    Uhm... AFAIK that's not gonna happen without a helper application. I mean, all that will happen is your image program will open the file, render what it can, and that's it. To assume that Photoshop will automatically decipher any information hidden inside the picture and run it... That's giving Adobe a lot of credit in the 'features' department. It's like hiding a bomb with an 'enter-your-id-to-go-boom' panel on it within a painting. People are just gonna admire the painting, they aren't gonna figure out that you have to rip the painting open and take out the package and follow the instructions.

    Originally posted by UberC0der
    Yep, I ran across a page in German that gives a pretty detailed how-to on doing just that. If it becomes a popular script kiddie thing it could lead to some major suckage for all involved in cleaning up the mess.
    What do you mean? I could see this being a method to update trojans secretly, but hardly as a method to install the 'beachhead' trojan. You need something malicious in there in the first place to decipher the steno and then use the content.
    [HvC]Terr: L33T Technical Proficiency

  5. #5

    Re: Re: Cloak.exe

    Originally posted by evilseed


    When it is encoded in a bitmap the data is not "Executed" when viewed with a graphic viewer.. more or less the data is skipped over. But when using the program to extract the data then it could be executed by the user.. but hey. how often would u see a 50 x 50 pixel bitmap that is over five megs? hahaha So mainly text files could be stored in bmps.

    This is OLD technology.
    Does no one see my post?

    Let me sum it up.. Sure you can hide data in an image file.. But the data is useless unless the intended person extracts the data. No image viewer will extract or execute the hidden data in the file.. the image viewer will simply skip over it....

    Ok?
    ------------EViLSEED
    Hackers are impervious. Resistant is futile.


  6. #6
    Member
    Join Date
    Sep 2001
    Posts
    77
    It seems this has been done with PDF files.....

    http://www.coderz.net/zulu/outlook.pdfworm.txt

    It seems that I remember something from Adobe's page about a new implementation of embedded objects within PDF files and the use of OLE for activation of those objects.

    I'll have to go dig again, but I do know McAfee has announced support for PDF formats in their virus scan products.

    cheers
    I'm not a BOT I'm a beer droid!
    Prepare to be Assimilated.

  7. #7
    Does no one hear my screams?
    ------------EViLSEED
    Hackers are impervious. Resistant is futile.


  8. #8
    Senior Member
    Join Date
    Oct 2001
    Posts
    118

    Re: Re: Re: evil cloak.exe

    Originally posted by Terr

    Uhm... AFAIK that's not gonna happen without a helper application.
    Yeah I presume that you'd have to have another application to extract the code for you.

    Originally posted by Terr

    It's like hiding a bomb with an 'enter-your-id-to-go-boom' panel on it within a painting.
    LOL . Surely those who rip open the painting will be clever enough not to follow the instructions though? j/k

    Originally posted by Terr

    I could see this being a method to update trojans secretly, but hardly as a method to install the 'beachhead' trojan. You need something malicious in there in the first place to decipher the steno and then use the content.
    Nice idea (dammit why don't I think of that kinda thing). Could be a nice way to update a trojan.
    There's no sense in being Pessimistic...it would never work anyway.
