1

2
operating system crash as a result of hacking
loss of data due to hacking



Existing hacking technique involves sending a virus
application to the target system .
System's processes come to a halt causing the operating
system to crash making it useless .
Sometimes the hacking system modifies the data (active
attack) .

3
Existing hacking technique involves sending a virus
application to the target system .

system's processes come to a halt causing the
operating system to crash making it useless .
Sometimes the hacking system modifies the data
(active attack) .

Image binding is normally used to sent secret messages
between secure parties. The intruder doesn't know
about hidden message inside the image.

A Key logger is a program or file that has been
executed to record keystrokes a computer user makes.
It is extensively used for parental guidance.



4
The proposed system is hacking system which uses
image binding.
It aims to produce a passive attack.
It doesn't crash the system or it doesnt cause any harm
or modification to the data present in the system.
We are proposing a technique of binding a key logger to
an image using image steganography.
Once a computer user has been infected with a Key
logger, it will continue to run in a hidden manner, and
report all the information that is being input into the
computer, and this is sent back to the hacker or some
other hidden third party. After the hacker has compiled
enough information using the Key logger,

Key logger sent the all key strokes of the master system

5
6
1) ON THE LIMITS OF STEGANOGRAPHY
by Ross J Anderson and Fabien A.P
OBJECTIVE:
what steganography is and what it can do.
contrast it with the related disciplines of
cryptography and traffic security.
Present an active attack
Show that public key information hiding system
exists

7

What is steganography?
Classical steganography embeds a secret message in a
cover message using a key
Once the cover object has a material embedded in it,
it is called a stego object
Classical cryptography deals with concealing the
content of messages, steganography is about
concealing their existence
Techniques for concealing meta-information about
message, such as its existence, duration, sender and
receivers, are collectively known as traffic security.
Steganography is often considered to be a proper
subset of this discipline.









8
ACTIVE ATTACK
Proposed an attack based on bandwidth limitation
The active attack inject unwanted signals or noises
More the cover bits used ,easily the noise can be
inserted

PUBLIC KEY STEGANOGRAPHY
Proposed a public key information hiding system
Alice can embed the message in parity bits using
bobs public key
Only bob can decrypt using his private key
Removes the need for a shared secret key


9
2)HIDING THE TEXT INFORMATION USING
STEGNOGRAPHY
by M . Grace , S .kiran ,M.Swapna , T . Rao
OBJECTIVE:
The problems present in the text steganography and issues
with existing solutions are highlighted.
In information hiding, a novel approach is proposed by
using inter-word spacing and inter-paragraph spacing as a
hybrid method
The considerable drawbacks of every existing method and
how the new approach might be recommended as a
solution can be analyzed
10
PROPOSED APPROACH
A new approach is proposed by creating a hybrid
method in utilizing whitespaces between words
and paragraphs in right-justification of text.
This method can be an improvement of open
space method because it is not using a sole
method of encoding data.
By combining methods of inter-word spacing and
inter-paragraph spacing into an embedding
algorithm, a larger capacity for embedding
hidden bits is provided.

11
THERE ARE 4 MODULES
1. Registration:
To enter personal information about that particular
user.
To enter the username and password identification
mechanism.
To give the successful solution identification
information.
To get the window in the form of message
transformation
2. Encrypt Text information:
To give that any message information that can be
converted in the form bit format identification manner.
To generate bit format identification process that can
be involved in the form substitution technique.
.
12
3. Mapping through that XML schema:
To give full description of information through the
classification methodology To introduce in the
form tree structure identification technique.
After that to generate identification of correct
decision making identification process.
To expose data information currently available
data.
4. Decrypt that information to another language
of environment:
After encoding that information it can be
transferred and stored inside the same view
message
13
3) Hiding Text Behind Image For Secure
Communication
by S.Pandey and A.Lathigara
OBJECTIVE:
This paper intends to give an overview of image
steganography and its uses
Classifying the variety of image steganographic
techniques
The different requirements for the different
steganographic methods used

14
Image steganographic method
LSB Method
hide the message in the least significant bits
(LSBs) of pixel values of an image.
LSB - Uses
Storing passwords and/or other confidential
information
Covert communication of sensitive data
Speculated uses in terrorist activities
Being widely used to hide and/or transfer illegal
content

15
4)EDGE ADAPTIVE IMAGE
STEGANOGRAPHY BASED ON
LSB MATCHING REVISITED
The least- signicant-bit (LSB)-based approach is a
popular type of steganographic algorithms in the spatial
domain.
embedding positions within a cover image mainly
depends on a pseudorandom number generator
The smooth/ at regions in the cover images will
inevitably be contaminated after data hiding even at a
low embedding rate, will lead to poor visual quality
The LSB matching revisited image steganography and
propose an edge adaptive scheme which can select the
embedding regions

16
Data embedding stage

initializes some parameters, which are used for subsequent
data
preprocessing and region selection
estimates the capacity of those selected regions.
post processing to obtain the stego image.

Data extraction

extracts the side information from the stego image.
preprocessing and identies the regions that have been used
for data hiding.
obtains the secret message according to the corresponding
extraction algorithm.
17











Proposed scheme. (a) Data embedding. (b) Data extraction
18
5)DETECTING LSB STEGANOGRAPHY IN
COLOR AND GRAY-SCALE IMAGES

Steganography is the art of secret communication.
Purpose: to hide the presence of communication, as opposed to
cryptography,.
Used digital images, videos, sound files, and other computer files
that contain perceptually irrelevant or redundant information .
After embedding a secret message into the cover image, we obtain
a so-called stegoimage.

. FACTORS AFFECTING SECURITY:
the less information we embed into the cover image, the smaller
the probability of introducing detectable artifacts by the embedding
process.
Another important factor is the choice of the cover image.
19

selection is at the discretion of the person who sends the message
Some steganographic experts recommend grayscale images as the best cover



the lossless capacity became a sensitive measure for the degree of randomization of the LSB
plane.
most images the LSB plane is essentially random and doesnt contain any easily recognizable
structure.
Using classical statistical quantities constrained to the LSB plane to capture the degree of
randomization is unreliable.
The lossless capacity reflects the fact that the LSB planeeven though it looks random is
related nonetheless to the other bit planes.
This relationship, however, is nonlinear, and the lossless capacity seems to measure this
relationship fairly well.
20



Usually the images stored previously in the JPEG format are a poor choice for
cover images. -- the quantization introduced by JPEG compression can serve as a
watermark or unique fingerprint.
The importance of techniques that can reliably detect the presence of secret messages
in images is increasing.

Images can hide a large amount of malicious code that could be activated by a small
Trojan horse type of virus.
detection of hidden information in images should be a part of every virus-detection
software.
Employing a form of LSB embedding information,in most softwares

new RS Steganalysis is an important contribution that will find numerous applications
for law enforcement and industry in general.
21
22
6) Key loggers : Increasing threats to
computer security and privacy
by S . Sagiroglu and G . Canbek

Favorite tool of hackers

Key loggers are known variously as tracking software ,
Computer activity monitoring software, Keystroke
monitoring systems ,Keystroke recorders ,Key stroke loggers,
Keyboard sniffers and snoop ware

Main purpose of key loggers
To monitor a users keyboard actions
They can track virtually anything running on a computer.
Screen scrapers, enable the visual surveillance of a target
computer.


23
Key loggers can be mainly classified into two
categories: hardware and software.

Hardware key logger Software key logger
Small electronic devices used for
capturing the data in between a keyboard
device and I/O port.

Software key loggers track systems that
collect keystroke data within the target
operating system

They store the keystrokes in their built-in
memory after being mounted in a
computer system
Store them on disk and send them to the
attacker who installed the key logger.
The major disadvantage of hardware key
loggers is require physical installation.
Parasitical ones are produced or used by
hackers.

An acoustic key logger ,transmit
keystrokes using the enhanced encoding
scheme.

Monitoring methods for software key
loggers are operating-system specific.

24
Keyboard State
Table Method

Windows Keyboard
Hook Method

The Kernel-Based
Keyboard Filter
Driver method,

Creative methods

every application
that uses a window
interface refers to a
table showing the
status of 256 virtual
keys
Hook-based key
loggers monitor the
keyboard with
functions provided
by the OS.
The key loggers
using this method
reside at the kernel
level and are thus
practically invisible.
It is more
advanced than
the two methods
introduced
earlier.

Creative key logger
coders are
constantly
developing key
loggers
25
Keyboard State
Table Method

Windows
Keyboard Hook
Method

The Kernel-Based
Keyboard Filter
Driver method,
Creative methods
table is normally
used by
applications for
determining other
key states at the
same time.
OS warns any time
a key is pressed
and it records the
action. Windows
hooks are unique
to Windows
message
mechanisms.
keyloggers are
difficult to
implement,
difficult to detect,
and administrator
privileges are
required to install
them on a target
machine.
a keyboard filter
driver is installed
by a keylogger
before the systems
keyboard device
drive
requiring less
memory space,
less CPU usage,
and less
interference with
other software.
The development
of these new
methods is
ongoing.
26
7)BYPASSING ANTIVIRUS WITH CRYPTERS







The task of today's security software is to protect computers against
malware and hacker attacks .
The security software use signatures and heuristic to detect known
viruses, root kits and Trojan horses.


Traditional approaches such as signature scanning, one of the most
common techniques employed by antivirus companies are becoming
inefficient for the high amount of samples found in the wild.
Antivirus manufacturers nowadays implements more and more
complex functions and algorithms in order to detect the latest and
newest viruses along with their variants.

27

Because viruses can embed themselves in existing files, the entire file is
searched, not just as a whole, but also in pieces.
But cannot defend against malware unless samples have already been
obtained and signatures created
As new viruses are being created each day, the signature based
detection approach requires frequent updates of the virus signature
dictionary.
Although the signature based approach can effectively contain virus
outbreaks, virus authors have tried to stay a step ahead of such software
by writing "oligomorphic", "polymorphic" and, more recently,
"metamorphic" viruses, which encrypt parts of them or otherwise
modify them as a method of disguise, so as to not match virus
signatures in the dictionary.
28
This sort of scanning and analysis can take some time, which may
slow down system performance. The main concern with heuristic
detection is that it often increases false positives .
False positives are when the antivirus software determines a file is
malicious (and quarantines or deletes it) when in reality it is
perfectly fine and desired.
Because some files may look like viruses but really arent, they are
restricted and stopped.
Heuristic scanning engines work on the principle that viruses will
usually use certain tricks or methods of infecting, and therefore if a
program looks like it might be using those tricks; there is a
possibility that the program is a virus.
In reality heuristics works are quite well for some types of viruses,
such as Macro Viruses, but not so well for other types.

29
8) BINDERS



Popular Binders

Here are some of the popular binders used by hackers to hide keyloggers and Trojans:

Simple Binder


30
Weekend Binder

Weekend Binder can be used to bind two or
more files under one extension and icon, If the
binded file contains an application, the
application also runs along with the actual
binded files .

How to detect Crypted Binded files?
If a trojan or keylogger is binded
with a file and it's crypted in order
to bypass antivirus detection then
its very difficult to detect it,
However there is a great piece of
software called resource
hacker which is really effective
when it comes to keylogger
protection, It detects whether the
file is binded or not.

31
What is Crypter?

Crypter is free software used to hide our viruses, keyloggers or any RAT tool
from antivirus so that they are not detected and deleted by antivirus.
A crypter is a program that allow users to crypt the source code of their
program.

What does Crypter do?
Crypter simply assigns hidden values to each individual code within source
code. Thus, the source code becomes hidden.
Hence, our sent crypted trojan and virus bypass antivirus detection and our
purpose of hacking them is fulfilled without any AV hindrance.

What is FUD?
With increased use of Crypters to bypass antiviruses, AV became more
advanced and started including crypter definitions to even detect crypter
strings within code.
No publicly available crypter is FUD.
So, if you crypt RATs with publicly available crypters, they are bound to
be detected by antiviruses.
32




FIG:A FUD CRYPTER/BINDER
STEPS TO BE FOLLOWED
1. First download Crypter

2. To get the password

3. Install software on your computer

4. Now, click on "Select File #1" and select the keylogger or RAT you want to crypt to avoid its
antivirus detection.

5. Click on "Select File #2" and select the normal file with which you want to bind our trojan,
RAT or Keylogger.

6. If you want you can also change the icon. Finally, hit on "crypt" to . make the file UD


33
HACKING
OUTPUT
KEYLOG
RECORDS
INSIDE SOFTWARE
LOGIN
TO
SELECT
IMAGE
INPUT
IMAGE
PROCESSING
BLURRED
IMAGE IMAGE
BINDING
STORE
IMAGE
LOGOUT
E
-
M
A
I
L

34

IMAGE
MANIPULATION
CONVERT
TO BITS
IS THERE
ANY
WHITE
SPACE
BLURRED
IMAGE
DELETION OF
WHITE SPACE
IMAGE
SELECTION
35

IMAGE MANIPULATION
RESIZE
IMAGE
CROPPING
IMAGE
AUTOFILLILNG
36
SELECT KEYLOGGER
ATTACH FUD
BINDER
INSERT TO
AVAILABLE BIT
SPACE
ENCRYPT
STEGO OBJECT
37
STEGO
OBJECT
SENT TO
RECIEVER
OPENS IMAGE
KEYLOGGER
ACTIVATION
S
T
A
R
T
S

R
E
C
O
R
D
I
N
G

KEYLOG
HACKER
RECEIVES
DATABASE
OF LOGS

38

SYSTEM OF
HACKER ACTS AS
A CHILD OF THE
HACKED SYSTEM
RECORD
OF THE
KEYS
PRESSE
D BY
THE
PARENT
KEYLOGS STORED IN DATABASE
SYSTEM OF THE
VICTIM ACTS AS
THE PARENT OF
THE HACKER
SYSTEM
39
HARDWARE REQUIREMENTS
System Type: IBM compatible PC with 1GHz
RAM: 512MB
Cache: 512KB
Storage: 120GB
SOFTWARE REQUIREMENTS
Operating System: Windows 2000 Server/
Windows XP/Windows 7
Language Used:JDK-7U25-WINDOWS-i586
Softwares used:Netbeans IDE 7.3
DATABASE: MYSQL
FUD Binder

40

FUNCTIONAL REQUIREMENT
Image selection: careful selection of the
Image so as to maintain it as original as
possible.
Image bit extraction: extraction of the bit
representation of the selected image.
Binding: binding program in the selected image
Image exchange via e-mail: Sending the processed
image to victim via e-mail

41
Our objective is to build an authenticated
software which processes a selected image
and binds a key logger with it. Later the stored
image is to be sent to the victim.

The work is successfully started and we hope
to expand the work further to achieve best
results.

42
REFERENCE
REFERENCE PAPERS:
Data hiding in audio signal, video signal , text and jpeg images
Key loggers : Increasing Threats to Computer Security and Privacy
Reversible Data Hiding in Encrypted Image
Unprivileged Black-Box Detection of User-Space Key loggers
On the Limits of Steganography
Detecting LSB Steganography in Color and Gray
Hide and Seek: An Introduction to Steganography
Hiding Text behind Image for Secure Communication

IEEE-International Conference On Advances In Engineering, Science
And Management (ICAESM2012) March 30, 31, 2012

43
REFERENCE
REFERENCE SITES:


http://williamstallings.com/Cryptography/

http://williamstallings.com/Crypto/Crypto4e.html

http://www.securelist.com/en/analysis?pubid=204791931

http://pro-hac.blogspot.in/2010/04/what-is-fud-crypter-hide-trojans.html

http://www.combofix.org/what-is-a-keylogger-virus-and-how-to-remove-it.php

http://www.hackersthirst.com/2011/03/hiding-ratstrojans-and-keyloggers-from.html

http://www.101hacker.com/2011/03/crypter-software-to-bypass-antivirus.html

http://hackclarify.blogspot.in/2012/05/hiding-keyloggersratswormsviruses-using.html

http://k1ng420.blogspot.in/2013/06/binders-and-crypters.html

http://hack-o-crack.blogspot.in/2011/01/hide-keyloggers-and-trojans-with.html

44
45