In the escalating clash between online scammers and security vendors, the attackers have once again developed new tactics that give them the upper hand in bypassing filters and infiltrating corporate networks, experts say. . . .
The new techniques, which experts began seeing sporadically earlier this year and in large waves in recent weeks, involve the use of a process called steganography, or embedding or hiding text in an image.

In the most recent cases, spam and phishing messages have incorporated complex images containing text. In some cases, the image files include hidden code designed to exploit known vulnerabilities in e-mail clients and Web browsers.

The most prominent example of the steganography wave is a recent variation on the ubiquitous Citibank phishing scam that attempts to lure recipients into disclosing online banking user names and passwords. Previous versions used text and images, such as authentic-looking Citibank logos and privacy seals. But versions that began surfacing recently are made up of one large image file containing all the text.

"We continually modify our systems to enhance safeguards for our customers," said a spokesperson for Citibank, a unit of Citigroup Inc., in New York. "It is also important that consumers be aware of these issues and act appropriately."

The link for this article located at Dennis Fisher is no longer available.