Boing Boing wrote:
Russian malware communicates by leaving comments in Britney Spears's Instagram account
A key weakness in malicious software is the "Command and Control" (C&C) system: a central server that the malware-infected systems contact to receive updates and instructions, and to send stolen data. Anti-malware researchers like to reverse engineer malicious code, discover the C&C server's address, and then shut it down or blacklist it from corporate routers.
Turla is an "advanced persistent threat" hacking group based in Russia with a long history of attacking states in ways that advance Russian state interests -- suggesting that they are either a part of the Russian espionage system, or contracting to it.
A new analysis by Eset shows that Turla is solving its C&C problems by using Britney Spears' Instagram account as a cut-out for its C&C servers. Turla moves the C&C server around, then hides the current address of the server in encrypted comments left on Britney Spears's image posts. The compromised systems check in with Spears's Instagram whenever they need to know where the C&C server is currently residing.
Turla's watering hole campaign: An updated Firefox extension abusing Instagram [Jean-Ian Boutin/We Live Security]
The extension will look at each photo's comment and will compute a custom hash value. If the hash matches 183, it will then run this regular expression on the comment in order to obtain the path of the bit.ly URL:
(?:\\u200d(?:#|@)(\\w)
Looking at the photo's comments, there was only one for which the hash matches 183. This comment was posted on February 6, while the original photo was posted in early January. Taking the comment and running it through the regex, you get the following bit.ly URL:
http://bit.ly/2kdhuHX
Looking a bit more closely at the regular expression, we see it is looking for either @|# or the Unicode character \200d. This character is actually a non-printable character called 'Zero Width Joiner,' normally used to separate emojis. Pasting the actual comment or looking at its source, you can see that this character precedes each character that makes the path of the bit.ly URL:
smith2155#2hot make loveid to her, uupss #Hot #X
When resolving this shortened link, it leads to static.travelclothes.org/dolR_1ert.php, which was used in the past as a watering hole C&C by the Turla crew.
You’ll never guess where Russian spies are hiding their control servers [Dan Goodin/Ars Technica]
(via 4 Short Links)
Sinister but funny technomagic
- Bwana Honolulu
- Caretaker
- Posts: 12202
- Joined: 8 September 2010, 10:10
- Disorganisation: Aktion 23, Zimmer523, GEFGAEFHB, ddR, Fractal Cult, EHNIX, The ASSBUTT
- Location: slightly shifted
- Pronouns: he/him
Sinister but funny technomagic
If I have to be the monkey, then I want to be the monkey who punches the angel in the mouth.
‒✴△♀ ✴ө△ʘ!
His Quasaric Sphericity, the Bwana Honolulu, ‒✴△♀ ✴ө△ʘ!
Supreme Commander of the Suicide Squad Ω−,
Ruler over everything, everything else, and nothing again,
Great-grand-papa-pope and Meta-God-Emperor in Zimmer523,
Grand Admiracle of the Mounted Naval Cavalry at Sea,
Reich Minister for Popular Podicification,
Keeper of the Holy Q.
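The mechanism the ESET excerpt above describes (a Zero Width Joiner, U+200D, placed in front of each character of the bit.ly path so that the path is invisible inside an ordinary-looking comment) can be reproduced in a few lines. The following is an added example, not code from the Turla extension, from ESET, or from the Boing Boing post: it decodes such a comment and adds a simple hunting heuristic. The sample comment is constructed here by inserting a ZWJ before the characters 2, k, d, h, u, H and X of the visible text quoted above; the real comment's exact layout is not on the page, and the "suspicious ZWJ" check is my assumption, not ESET's custom hash test.

```javascript
// Added example (not ESET's or Turla's code): decode a bit.ly path hidden in
// an Instagram-style comment where a Zero Width Joiner (U+200D) precedes each
// character of the payload, as described in the ESET write-up quoted above.

const ZWJ = "\u200d";

// Constructed sample comment: the visible text from the write-up with a ZWJ
// inserted before the characters 2, k, d, h, u, H, X. The real comment's exact
// byte layout is not on the page; this placement is an assumption chosen so
// that the decoded path matches the one ESET reported (2kdhuHX).
const SAMPLE_COMMENT =
  "smith2155#" + ZWJ + "2hot ma" + ZWJ + "ke lovei" + ZWJ + "d to " +
  ZWJ + "her, " + ZWJ + "uupss #" + ZWJ + "Hot #" + ZWJ + "X";

// Collect every character that directly follows a ZWJ. Only [A-Za-z0-9_] is
// accepted because that is the alphabet of a bit.ly path; the 'u' flag makes
// the regex operate per code point rather than per UTF-16 unit.
function extractZwjPayload(comment) {
  const re = /\u200d([A-Za-z0-9_])/gu;
  let out = "";
  for (const m of comment.matchAll(re)) out += m[1];
  return out;
}

// Rebuild the shortened URL, or return null when the comment carries nothing.
function bitlyUrlFromComment(comment) {
  const path = extractZwjPayload(comment);
  return path ? "http://bit.ly/" + path : null;
}

// Hunting heuristic (assumption, not ESET's hash check): a ZWJ is legitimate
// between emoji (e.g. family sequences), so flag comments in which two or more
// joiners are followed by plain ASCII, where there is nothing to join.
function isSuspiciousZwjUse(comment) {
  let asciiAfterJoiner = 0;
  for (const m of comment.matchAll(/\u200d(.)/gsu)) {
    if (m[1].codePointAt(0) < 0x80) asciiAfterJoiner++;
  }
  return asciiAfterJoiner >= 2;
}

// Stand-alone run: prints the recovered URL for the constructed comment.
console.log(bitlyUrlFromComment(SAMPLE_COMMENT));
```

Pasting the comment into a terminal or a text field shows the same text as the page does because the joiners render as nothing; only the code point scan reveals the path. The heuristic is deliberately loose (a legitimate emoji sequence has non-ASCII on both sides of every joiner), and would need tuning against real comment data before being used for detection.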
- fehlgeleitet
- Left the forum
- Posts: 2774
- Joined: 15 November 2015, 18:04
Re: Sinister but funny technomagic
http://www.zeit.de/digital/internet/201 ... ettansicht
Hack of a DNA analysis using saliva that contains malware.
"The teaching of Marx is all-powerful because it is true" (Lenin)
"Critics of ideology pull every lever to dissuade people from believing in a Jewish-Bolshevik world conspiracy; meanwhile we are working on exactly that." (Marlon Grohn)
- Bwana Honolulu
Re: Sinister but funny technomagic
Suicide Linux - a system that answers every mistyped command with an rm -rf /.
You know how sometimes if you mistype a filename in Bash, it corrects your spelling and runs the command anyway? Such as when changing directory, or opening a file.
I have invented Suicide Linux. Any time - any time - you type any remotely incorrect command, the interpreter creatively resolves it into rm -rf / and wipes your hard drive.
It's a game. Like walking a tightrope. You have to see how long you can continue to use the operating system before losing all your data.