The document summarizes the Hammertoss malware, which uses steganography to hide encrypted commands in the insignificant EOF section of JPEG images. It decrypts the commands using a salt from a tweeted hashtag together with a hardcoded key. The malware uses the InternetExplorer COM object to download images from tweeted URLs, then searches the browser cache to locate and decrypt the hidden commands for execution.
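
For triage of cached or downloaded images, the hiding place described above can be checked directly. The following is an added example, not code from the summarized document: it assumes the "EOF section" means bytes stored after the JPEG end-of-image (EOI) marker, and the function names and sample bytes are constructed for illustration.

```python
import math
from collections import Counter

def find_eoi(data: bytes) -> int:
    """Walk the JPEG marker structure; return the offset just past EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                      # fill byte before a marker
            pos += 1
        elif marker == 0xD9:                    # EOI: the image ends here
            return pos + 2
        elif marker == 0x01 or 0xD0 <= marker <= 0xD7:
            pos += 2                            # standalone marker, no length
        else:
            seg_len = int.from_bytes(data[pos + 2:pos + 4], "big")
            if seg_len < 2:
                raise ValueError(f"bad segment length at offset {pos}")
            pos += 2 + seg_len                  # skips APPn payloads (thumbnails)
            if marker == 0xDA:                  # SOS: entropy-coded data follows
                while pos + 1 < len(data) and not (
                    data[pos] == 0xFF and data[pos + 1] != 0x00
                    and not 0xD0 <= data[pos + 1] <= 0xD7):
                    pos += 1                    # pass stuffed FF00 and RSTn
    raise ValueError("truncated JPEG: no EOI marker")

def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0

def inspect_jpeg(data: bytes) -> dict:
    end = find_eoi(data)
    trailer = data[end:]
    return {"eoi_offset": end, "trailing_bytes": len(trailer),
            "trailing_entropy": round(entropy(trailer), 2)}

# Constructed sample (structure only, not a decodable picture). The APP0
# payload holds a decoy FF D9 that a naive byte search would mistake for EOI.
CLEAN = (b"\xff\xd8" + b"\xff\xe0\x00\x08ab\xff\xd9cd"
         + b"\xff\xda\x00\x03\x00" + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9")
TRAILER = bytes(range(256)) * 2                 # constructed stand-in for ciphertext

if __name__ == "__main__":
    print(inspect_jpeg(CLEAN))
    print(inspect_jpeg(CLEAN + TRAILER))
```

Some cameras and editing tools also append data after EOI, so a non-empty trailer is a signal to correlate with size and entropy, not a verdict on its own.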