Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Scan images for steganography and remove this data?


  • Please log in to reply
2 replies to this topic

#1 Double44

Double44

  • Members
  • 58 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States
  • Local time:08:00 AM

Posted 30 June 2014 - 05:01 PM

Hi, i recently read a Malwarebytes article on steganography, and I'm wondering if there is any program out there that can scan a collection of images for any imperfections such as steganography or unwanted metadata, and remove them?

 

I like to collect images from some of my favorite celebrities, and over time I've developed quite the collection. Occasionally I will scan for duplicates using Visipics to free up space. Some of the dupes i come across look so identical to each other in dimension, appearance and filetype, with the exception of the filesize. I keep the files with the largest filesize, and remove the rest. I keep the bigger ones because although i can't tell a difference in appearance, i assume the 723KB version has to be better than the 356KB version.. somehow.

 

If i could remove any potential 'dead weight', this could free me a considerable amount of hard disk space, including my Dropbox. I don't know how often steganography is used on the internet, so i have no idea how big of an impact it might actually have. Please help.

 

from Wikipedia:

bqkgrvZ.png


Edited by Double44, 30 June 2014 - 05:55 PM.


BC AdBot (Login to Remove)

 


#2 rp88

rp88

  • Members
  • 3,069 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:00 PM

Posted 01 July 2014 - 08:20 AM

steganography, from the greek for hidden writing, is a fascinating technique and has a wide array of uses. i would not however imagine it creating large differences in file size. in that example from wiki what alice (yes lets get in to cryptography talk!) has done is add the data for the cat picture into the tree picture so bob can receive the tree and extract the cat from it. what alice will also know is that for steganography to be worth doing the added data must be tiny compared to the thing it is hidden in, so as to avoid arousing eve's suspicions. what you are talking about is a change of file size by a factor of around 2, if someone is trying to hide data this is not how they would do it. now i can believe that celebrities might want to put hidden data ("this photo is copyright to me, check out my new album" sort of stuff) in official pictures of them but that sort of thing would never account for such a size difference. i can only assume that the difference is due to less compression or subtly higher quality (notice how some JPEGs have nasty blur bits in them, this is a sign of compression being done to them). if you don't need high res you could remove any meta-data and shrink the file size by zooming into the pic on your screen so it is as large as screen dimensions will allow then taking a screenshot and saving that, if you want to keep them at higher resolution than your screen your best bet is to import them into something like gimp perform a really tiny modification(like edit one pixel just to make it clear to gimp that this is a different image to the original) then export the image in a fairly lossless format. this should remove meta-data and any steganography and may reduce file size but on the other hand may lead to a larger output file size. my final advice is just keep the smaller file size image of both are visually identical, if you are running out of space to save them then stick them in zip or 7z archives for storage.

 

regarding that article, creepy and sneaky alright but i can't see how the trojan could execute from inside an image, the computer should just treat it as unreadable mess in the image and ignore the virus code. 


Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#3 Veitch

Veitch

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:03:00 PM

Posted 08 July 2014 - 07:32 AM

The technique mentioned in the article is a simple one, as the data was just appended to the file. Sure you could write a program to detect and extract this kind of steganography and there are also programs that analyse files for known steganography techniques.

But I doubt that this will help you to free space, because image steganography is not prevalent in the usual images you download just somewhere.

 

Deleting meta-data won't probably free that much space as well.

 

If I where you I would write a script to scan the collection for uncompressed file types like BMP and convert them to compressed ones.

I would also set a limit to the resolution and scale files down that are bigger.

 

stick them in zip or 7z archives for storage

 

 

Compressing already compressed files usually doesn't help. It might even increase the size.

If the OP has uncompressed image formats, choosing a compressed image format is probably better than zipping.

 

regarding that article, creepy and sneaky alright but i can't see how the trojan could execute from inside an image

 

 

The article explains it. ;)

It is a settings file that was hidden, nothing else. The mere process of downloading an image is just less suspicious.

But apart from that: Trojans may consist of two parts: One part with the critical code hidden in an image, and the other part is just there to download, extract and launch the first part. As the critical part is hidden and only the non-critical stuff exposed, it will not be detected by antivirus scanners.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users