Security Advisory
The Camera/Shy Hacker Tool: NetIQ Responds to Help Keep Customers Protected
Hacktivismo, purportedly a sub-group of the Cult of the Dead Cow (cDc) hacker group, released the Camera/Shy steganographic program on July 13, 2002. The Camera/Shy program allows Internet users to conceal information, viruses, or exploitative software inside graphic files on Web pages. Using steganographic techniques ("stegging") bypasses most known monitoring methods. The steganographic (encryption and stealth) technologies Camera/Shy provides allow users to transmit undetectable content through firewalls, anti-virus systems, and even intrusion detection systems, substantially reducing the protection offered by these solutions.
Widespread use of the tool could result in substantial losses through data exposure, or by unknowing receipt of Trojan or virus files hidden in Web images by this tool. Camera/Shy uses sophisticated techniques combined with an easy to use interface to entice users to post encrypted ("stegged") information on the Internet, potentially placing many companies, governments, and individuals at high risk for data exposure, worm or virus transfer, or leaks of confidential information.
NetIQ Corporation has responded to this security situation by providing a new security test for Security Analyzer and a new Active Knowledge Module (AKM) for Security Manager to detect and shut down Camera/Shy. Customers who are currently using Security Analyzer should run the AutoSync update service as soon as possible to download the new security test.
Customers currently using Security Manager and on current maintenance should download the Camera/Shy AKM to add a Security Detect Rogue Processes rule to detect the CameraShy.exe process. This rule enables Security Manager to detect when Camera/Shy is running and immediately shuts it down. Security administrators not yet running Security Manager can download a trial version of Security Manager and experience its advanced security management, intrusion detection, and log consolidation capabilities.
For more information about these NetIQ security responses, see the Advisory for Camera/Shy.
