Remember this thread?
The user found that in one of the Podesta emails, an image tested positive for a steganography method called JPHIDE. In non-technical terms this means that hidden data (a text message, another image, or any other file) has been intentionally encoded in the image itself. If someone managed to find the password, he or she would have access to the hidden data, which in turn could potentially be a smoking gun.
Vigilia_Procuratio ago
SpyHunter?? This SpyHunter?
http://www.csoonline.com/article/3029975/techology-business/spyhunter-anti-malware-maker-files-lawsuit-over-bad-review.html
Seriously, I'll trust Bleeping Computer all the way over that crap. That program was well known in the malware removal communities about 10 years ago for throwing false positives and fake removals in order to trick users into paying for the licence. I think it was also reported to be using other products' detection databases. I'm not saying this particular detection was wrong, I don't know, but either way that product is not well regarded in the security fields.
privatepizza ago
Great, what do you suggest here?
Vigilia_Procuratio ago
Nothing. I was thinking of another program, it's all good.
newworldahead ago
No, it's not the same program. Here is the program I used: http://spy-hunter.com/stegspy
Edit: The actual program name is StegSpy and it is not from "Enigma Software".
Vigilia_Procuratio ago
Ooooh, okay then. That's a completely different thing altogether. Sorry, as soon as I saw SpyHunter it threw me back some years because I remember the Enigma Software name.
StegSpy looks perfectly legit...
https://www.virustotal.com/en/file/2ba090e6829278b9e5a56dd3a8855df8eb112abaa0cfbb8a16f1a05210d263a9/analysis/
Two heuristic detections out of 61, nothing unusual about that in my humble opinion.
Okay, Symantec and Trend both flag it as suspicious, but that's probably due to the way it looks at a file. I'm not sure you could create a steganography detection program and not have it flagged by an AV, this is probably normal.
newworldahead ago
Wow, thanks for this analysis and also for mentioning the other software! It allowed me to edit the post and clarify that I didn't use that particular product.
Vigilia_Procuratio ago
Bleeping Computer were spot on with reporting on the Enigma SpyHunter in my opinion. I did a fair bit of malware removal about a decade ago, and BP is one place where I did some volunteering. That program is one we used to look out for because it would report on crap that wasn't even on the computer at all but also not detect real malware; this was a common trend back then, so we were on top of it. Who knows if they've changed their business model since then, but I certainly won't be trusting it in a hurry. So yeah, it's probably best that people don't accidentally download that instead.