Russian malware communicates by leaving comments in Britney Spears's Instagram account


#1

Originally published at: http://boingboing.net/2017/06/07/watering-holes.html


#2

Well that’s clever.


#3

I’m not even mad, I’m impressed. That is extremely clever.


#4

Yup. Novel and new, but in the past things like IRC channels, XMPP users, AIM users, etc. all have been used for C&C channels. Very much an evolution, and authors thinking, “where, where else can we put this stuff?”


#5

Well, they are not going to be using it for much longer now…


#6

Agreed. I consider myself an out of the box thinker but this makes me step back and say


#7

This explains all YouTube comments


#8

Aah, but Theresa May is to be the new sheriff, and she’s gonna clean up Internet Town, she sure is, I betcha. A couple of new laws and all this stuff is gonna be history…

…my arse.


#9

So many key rotation opportunities - different accounts, false trails, etc.

But the surface vector is really low - Instagram could just strip all zero-width-characters from their comments with a single API update.


#10

Thi‍S is inter‍Esti‍Ng, but har‍Dly a ‍New form of comm‍Unication for malware. In‍Deed, w‍Ebsite comment thread‍S have been used this way for years.


#11

Steganography is sad.


#12


#13

Oops, they did it again.


#14

…and then break all the languages, like Arabic, which rely on zero width characters.
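
Added example, not part of the original thread or any poster's code: a script-aware filter that takes the points in #9 and #14 together, dropping zero-width characters only where a visible neighbour is a Latin letter and keeping them inside Arabic-script words and emoji sequences. The function names, the "Latin neighbour" policy and the sample strings are assumptions constructed for this illustration.

```python
import unicodedata

# Invisible format characters: ZWSP, ZWNJ, ZWJ, word joiner, BOM/ZWNBSP.
ZERO_WIDTH = frozenset("\u200b\u200c\u200d\u2060\ufeff")


def is_latin_letter(ch):
    """True for letters whose Unicode name marks them as Latin script."""
    return ch.isalpha() and unicodedata.name(ch, "").startswith("LATIN")


def visible_neighbour(text, i, step):
    """Nearest character to index i (direction step) that is not zero-width."""
    j = i + step
    while 0 <= j < len(text) and text[j] in ZERO_WIDTH:
        j += step
    return text[j] if 0 <= j < len(text) else ""


def scan_comment(text):
    """Return (cleaned_text, flagged_indices).

    A zero-width character is flagged and dropped only when a visible
    neighbour is a Latin letter, where no joiner is needed for rendering.
    Joiners inside Arabic-script words or emoji sequences are kept.
    """
    cleaned, flagged = [], []
    for i, ch in enumerate(text):
        if ch in ZERO_WIDTH and (
            is_latin_letter(visible_neighbour(text, i, -1))
            or is_latin_letter(visible_neighbour(text, i, +1))
        ):
            flagged.append(i)
            continue
        cleaned.append(ch)
    return "".join(cleaned), flagged


# Constructed sample comments (not taken from any real account).
LATIN_WITH_ZWJ = "Thi\u200dS is inter\u200dEsting"
PERSIAN_WITH_ZWNJ = "\u0645\u06cc\u200c\u062e\u0648\u0627\u0647\u0645"
EMOJI_FAMILY = "\U0001F468\u200d\U0001F469\u200d\U0001F467"

if __name__ == "__main__":
    for sample in (LATIN_WITH_ZWJ, PERSIAN_WITH_ZWNJ, EMOJI_FAMILY):
        print(scan_comment(sample))
```

Logging the flagged offsets for moderation review, rather than stripping silently, keeps a record of which comments carried invisible characters.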


#15

Reminds me of the old site about Britney teaching physics: http://britneyspears.ac/lasers.htm


#16

You are assuming they or indeed any large company gives a damn, has the tech chops to understand what you just said (at management levels) and can be convinced/forced to spend even ten cents on something that isn’t a profit center.

People can’t get some of these places to install basic security patches let alone actually write custom code for someone else’s benefit.


#17

Britney Spears and Instagram.

Excellent! Never been there. Never done that.


#18

Feature, not a bug? #PoesLaw


#19

Yeah, Instagram has like 50 employees, they’re not really a “large” company. And their CTO wrote Instagram, he’s got tech chops.


#20

That is a tough technical trick there. Think of all the properties that message needs to meet: 1) encodes the new URL 2) hides the URL 3) looks like a normal post 4) hashes to a specific value. I am really interested in the algorithms and compute time required to generate such a message. It feels like it would be hard to forge such a message.