Russian malware communicates by leaving comments in Britney Spears's Instagram account

doctorow 2017-06-07 16:56:56 UTC #1

Originally published at: http://boingboing.net/2017/06/07/watering-holes.html

…

ficuswhisperer 2017-06-07 16:59:25 UTC #2

Well that's clever.

g_wat 2017-06-07 17:01:27 UTC #3

I'm not even mad, I'm impressed. That is extremely clever.

ActuallyARegular 2017-06-07 17:03:30 UTC #4

Yup. Novel and new, but in the past things like IRC channels, XMPP users, AIM users, etc. all have been used for C&C channels. Very much an evolution, and authors thinking, "where, where else can we put this stuff?"

TobinL 2017-06-07 17:04:07 UTC #5

Well they are not going to be using for much longer now...

ficuswhisperer 2017-06-07 17:04:11 UTC #6

Agreed. I consider myself an out of the box thinker but this makes me step back and say

anonymous86 2017-06-07 17:08:19 UTC #7

This explains all YouTube comments

Richard_Kirk 2017-06-07 17:11:36 UTC #8

Aah, but Teresa May is to be the new sheriff, and she's gonna clean up Internet Town, she sure is, I betcha. A couple of new laws and all this stuff is gonna be history...

...my arse.

kthejoker 2017-06-07 17:22:18 UTC #9

So many key rotation opportunities - different accounts, false trails, etc.

But the surface vector is really low - Instagram could just strip all zero-width-characters from their comments with a single API update.

semiotix 2017-06-07 17:22:31 UTC #10

Thi‍S is inter‍Esti‍Ng, but har‍Dly a ‍New form of comm‍Unication for malware. In‍Deed, w‍Ebsite comment thread‍S have been used this way for years.

Akimbo_NOT 2017-06-07 17:29:07 UTC #11

Steganography is sad.

Medievalist 2017-06-07 17:30:03 UTC #12

angusm 2017-06-07 17:31:56 UTC #13

Oops, they did it again.

tekk 2017-06-07 18:07:33 UTC #14

....and then break all the languages, like arabic, which rely on zero width characters.

cstatman 2017-06-07 18:21:57 UTC #15

reminds me of the old site about Brittney teaching physics - - http://britneyspears.ac/lasers.htm

jimp 2017-06-07 18:35:40 UTC #16

You are assuming they or indeed any large company gives a damn, has the tech chops to understand what you just said (at management levels) and can be convinced/forced to spend even ten cents on something that isn't a profit center.

People can't get some of these places to install basic security patches let alone actually write custom code for someone else's benefit.

hecep 2017-06-07 18:43:50 UTC #17

Britney Spears and Instagram.

Excellent! Never been there. Never done that.

kthejoker 2017-06-07 18:47:17 UTC #18

Feature, not a bug? #PoesLaw

kthejoker 2017-06-07 18:50:09 UTC #19

Yeah, Instagram has like 50 employees, they're not really a "large" company. And their CTO wrote Instagram, he's got tech chops.

MrWoods 2017-06-07 19:07:53 UTC #20

That is a tough technical trick there. Think of all the properties that message needs to met 1) encodes the new URL 2) hides the URL 3) looks like a normal post 4) hashes to a specific value. I am really interested in the algorithms and compute time required to generate such a message. It feels like it would be hard to forge such a message.