Over 13,000 Canadians affected by recent Vawtrak campaign
The banking Trojan Vawtrak is continually evolving, with its authors finding new ways to evade detection and new methods of communication. The latest approach uses favicons to store the updated list of command and control servers and deliver it to the infected machine.
Favicons are icons displayed in browser tabs for the loaded websites in order to make browsing more comfortable and efficient. They are small image files, approximately 4KB in size.
Update C&C servers are hidden in Tor
An analysis from AVG’s Jakub Kroustek revealed on Tuesday that the operators behind one version of Vawtrak now rely, in some versions of the malware, on digital steganography, a method that allows concealing data in images, such as text in favicons.