Russian Hackers Testing Malware With Britney Spears's Instagram

In an impressive bit of cyber-sleuthing, security researchers have discovered that a nasty piece of malware was being tested by a Russian-speaking hacker group and it was using the comment section of Britney Spears’s Instagram as a way to call home.

Turla is a hacking group that specializes in using malware for the purposes of espionage. The fancy name for the collective is an advanced persistent threat group. Researchers from ESET report that they’ve recently discovered a backdoor trojan that appears to have been created by the group, but it hasn’t been deployed on a wide scale yet.

The malware itself isn’t particularly mindblowing. It uses a Firefox extension to create a backdoor that gives an attacker complete access to a target’s computer. The researchers believe it could be an adaptation of the Pacifier APT that was spread via Microsoft Word docs back in 2. Turla is known to use “watering holes,” compromised sites that its targets are likely to visit, to distribute its malware. This particular trojan was discovered on a Swiss security company’s website. Visitors to the site would be asked to install the extension with the benign name “HTML5 Encoder.”

But the real innovation, in this case, is the hackers using social media to contact their malware’s command and control (C&C) servers. These servers send instructions and act as a repository for stolen information. Using an encoded comment on a Britney Spears Instagram post, the malware could find out what URL to use to meet up with the server without actually including that information in the code of the malware itself. The malware was directed to scroll through the comments on Spears’s photos and search for one that had a specific hash value.

As you can see, the comment in question isn’t exactly a normal post but it passes as basic spam and no one would give it a second thought.
But if you copy and paste it, you’ll find that it uses the Unicode character \2. Hot< 2. 00d > #X. When the malware finds the comment it was told to look for, it converts it into this Bitly link: http: //bit. HX. The shortened link resolves to a site that’s known to be a Turla watering hole.

This is a stealthy way of making sure that the C&C can be changed without having to change the malware. If the attackers want to create a new meetup, they just have to delete the comment and put in a new one with the same hash value. ESET has been in contact with Firefox’s developers and they’re currently working on a fix so that the extension won’t work anymore. And Miss Spears will probably never know that her photo came close to being used in international espionage.
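
For defenders reviewing suspicious comment text, the sketch below (an added example, not code from ESET or the original article) flags comments that carry invisible Unicode format characters and renders them visibly. The character code on this page is truncated, so the check covers every character in Unicode category Cf; the sample comments and the zero-width joiner used in them are constructed stand-ins.

```python
import unicodedata

# Constructed sample comments (not taken from the real post). The second one
# hides zero-width joiners (U+200D) between visible characters.
SAMPLE_COMMENTS = [
    "love this pic!! #queen",
    "nice\u200d#shot so\u200d cool \u200d#wow",
    "caf\u00e9 vibes \u2764",
]


def hidden_format_chars(text):
    """Return (index, 'U+XXXX', name) for every invisible format character."""
    hits = []
    for i, ch in enumerate(text):
        # Category Cf covers zero-width joiners, direction marks and similar
        # characters that change nothing a human reader can see.
        if unicodedata.category(ch) == "Cf":
            hits.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN")))
    return hits


def reveal(text):
    """Render the comment with hidden characters made visible as <U+XXXX>."""
    return "".join(
        f"<U+{ord(ch):04X}>" if unicodedata.category(ch) == "Cf" else ch
        for ch in text
    )


def triage(comments):
    """Return only the comments that carry hidden format characters."""
    report = []
    for comment in comments:
        hits = hidden_format_chars(comment)
        if hits:
            report.append({"revealed": reveal(comment), "hits": hits})
    return report


if __name__ == "__main__":
    for item in triage(SAMPLE_COMMENTS):
        print(item["revealed"])
        for idx, codepoint, name in item["hits"]:
            print(f"  offset {idx}: {codepoint} {name}")
```

Zero-width joiners also occur legitimately in emoji sequences and some scripts, so a hit is a lead for manual review rather than a verdict.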