David Sancho from TrendLabs wrote a blog post about the use of steganography by malware.
The post describes the modus operandi of several malware families:
- ZeusVM hides its configuration inside JPG images
- VAWTRAK hides its configuration in a remote favicon image file
- FakeReg hides malware settings in the app icon
- VBKlip hides data within C&C HTTP headers