Overt & Covert Channels

  • Overt & Covert Channels

    The difference between overt and covert channels is that an overt channel is put in place by design and represents the legitimate or intended way for the system or process to be used, whereas a covert channel uses a system or process in a way that it was not intended to be used.
    Software such as trojans often uses covert channels to stay out of sight and hidden while they send or receive information or instructions from the attacking party. Using covert channels means the information or communication may be able to slip past detective mechanisms that are not designed or positioned to be aware of or look for such behavior.

    Tools that use covert channels include the following...

    This was originally designed to be a Proof of Concept (PoC) on how ICMP can be used as a covert channel. Loki passes information included inside ICMP echo packets, which can carry a data payload but typically do not. Because the ability to carry data is rarely used inside ICMP echo packets, this makes an ideal covert channel. Finding information you are not looking for is almost impossible.

    ICMP backdoor
    This backdoor uses ICMP replies to transfer information between the target system and the attacking party.

    This tool uses ICMP packets to send information, but goes the extra step of formatting the packets so they are of normal size.

    This backdoor uses Internet Group Management Protocol (IGMP) packets for communication between the target system and the attacking party.

    Reverse World Wide Web Tunneling Shell
    This tool creates a covert channel through firewalls and proxies by masquerading as normal web traffic.

    This tool provides a command shell on the Windows operating system. It communicates using TCP ACK packets, which enables the covert channel to pass routers with Access Control Lists (ACLs).
    Certified Security Geek
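
A detection-side view of the ICMP channels described in the post above, as an added example that is not part of the original post or of any tool it names: it parses ICMP echo messages and flags payloads of unusual size, replies whose data differs from the request, and replies with no request. The baseline sizes, function names and sample traffic are assumptions constructed for illustration.

```python
import struct

ECHO_REPLY, ECHO_REQUEST = 0, 8
# Assumption: baseline payload sizes for this network (32 = Windows ping default,
# 56 = Linux ping default); tune to what your hosts actually send.
BASELINE_SIZES = {32, 56}

def parse_icmp(msg: bytes):
    """Split a raw ICMP message (IP header already removed) into its fields."""
    if len(msg) < 8:
        raise ValueError("ICMP echo header is 8 bytes")
    typ, code, _cksum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    return {"type": typ, "code": code, "id": ident, "seq": seq, "payload": msg[8:]}

def find_suspicious(messages):
    """Return (index, reason) for echo traffic that deviates from normal ping."""
    findings, requests = [], {}
    for i, raw in enumerate(messages):
        m = parse_icmp(raw)
        if m["type"] not in (ECHO_REQUEST, ECHO_REPLY):
            continue
        if len(m["payload"]) not in BASELINE_SIZES:
            findings.append((i, "unusual payload size %d" % len(m["payload"])))
        key = (m["id"], m["seq"])
        if m["type"] == ECHO_REQUEST:
            requests[key] = m["payload"]
        elif key not in requests:
            findings.append((i, "reply without a matching request"))
        elif requests[key] != m["payload"]:
            # RFC 792: an echo reply must return the request's data unchanged.
            findings.append((i, "reply payload differs from request"))
    return findings

def _echo(typ, ident, seq, payload):
    # Constructed sample builder; checksum left at 0 because it is not inspected.
    return struct.pack("!BBHHH", typ, 0, 0, ident, seq) + payload

# Constructed sample traffic, not captured from any real tool.
NORMAL = bytes(range(0x10, 0x10 + 56))
SAMPLE = [
    _echo(ECHO_REQUEST, 1, 1, NORMAL),
    _echo(ECHO_REPLY, 1, 1, NORMAL),        # benign pair
    _echo(ECHO_REQUEST, 2, 1, NORMAL),
    _echo(ECHO_REPLY, 2, 1, b"A" * 56),     # normal size, altered data
    _echo(ECHO_REQUEST, 3, 1, b"x" * 200),  # oversized payload
    _echo(ECHO_REPLY, 9, 9, NORMAL),        # unsolicited reply
]

if __name__ == "__main__":
    for idx, reason in find_suspicious(SAMPLE):
        print(idx, reason)
```

The request/reply comparison is what catches a channel that keeps its packets at normal size, since a size check alone would pass them.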