The Alureon rootkit uses steganography to hide configuration files to update infected machines with new instructions. The malware has a new function that goes out to a remote Web site and downloads a new component called com32 The rootkit then tries to pull down the JPEGs, and along with the image data comes a long string of characters that looks to be a password of some kind. Steganography usage is just the latest in a line of new features added to the malware in the last few months.
Source: https://threatpost.com/alureon-rootkit-morphs-again-adds-steganography-092611/75688/