Originally published at: http://boingboing.net/2017/06/07/watering-holes.html
…
Russian malware communicates by leaving comments in Britney Spears's Instagram account
Yup. Novel and new, but in the past things like IRC channels, XMPP users, AIM users, etc. all have been used for C&C channels. Very much an evolution, and authors thinking, “where, where else can we put this stuff?”
Agreed. I consider myself an out of the box thinker but this makes me step back and say
Aah, but Theresa May is to be the new sheriff, and she’s gonna clean up Internet Town, she sure is, I betcha. A couple of new laws and all this stuff is gonna be history…
…my arse.
So many key rotation opportunities - different accounts, false trails, etc.
But the surface vector is really low - Instagram could just strip all zero-width-characters from their comments with a single API update.
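An added example (not code from the thread or from Instagram) of the comment filter suggested above: it strips zero-width characters but keeps the zero-width joiner where it glues an emoji sequence together, and reports what it removed so the comment can be flagged. The character list, function names and sample comment are assumptions made for this sketch.

```python
import unicodedata

# Invisible code points treated as "zero-width" here (assumed list, not exhaustive).
ZERO_WIDTH = {"\u200b", "\u200c", "\u200d", "\u2060", "\ufeff"}
ZWJ = "\u200d"
VS16 = "\ufe0f"  # emoji variation selector, may sit between a symbol and ZWJ


def _joins_emoji(text, i):
    """True if the ZWJ at index i sits between two symbol characters,
    as in an emoji sequence such as woman + ZWJ + laptop."""
    j = i - 1
    # Skip a variation selector or skin-tone modifier before the joiner.
    while j >= 0 and (text[j] == VS16 or "\U0001F3FB" <= text[j] <= "\U0001F3FF"):
        j -= 1
    prev_ok = j >= 0 and unicodedata.category(text[j]) == "So"
    next_ok = i + 1 < len(text) and unicodedata.category(text[i + 1]) == "So"
    return prev_ok and next_ok


def scan_comment(text):
    """Return (cleaned_text, removed); removed lists (index, code point)
    for every zero-width character that was stripped."""
    out, removed = [], []
    for i, ch in enumerate(text):
        if ch in ZERO_WIDTH and not (ch == ZWJ and _joins_emoji(text, i)):
            removed.append((i, f"U+{ord(ch):04X}"))
        else:
            out.append(ch)
    return "".join(out), removed


if __name__ == "__main__":
    # Constructed sample: joiners hidden in plain text plus one real emoji sequence.
    sample = "nice\u200d pic\u200d! \U0001F469\u200d\U0001F4BB"
    cleaned, removed = scan_comment(sample)
    print(repr(cleaned))
    print("flag for review:", bool(removed), removed)
```

Stripping every zero-width character blindly would also break emoji sequences, and scripts such as Persian rely on U+200C, so a production filter would need a per-script allowance that this sketch does not implement.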
ThiS is interEstiNg, but harDly a New form of commUnication for malware. InDeed, wEbsite comment threadS have been used this way for years.
Reminds me of the old site about Britney teaching physics: http://britneyspears.ac/lasers.htm
You are assuming they or indeed any large company gives a damn, has the tech chops to understand what you just said (at management levels) and can be convinced/forced to spend even ten cents on something that isn’t a profit center.
People can’t get some of these places to install basic security patches let alone actually write custom code for someone else’s benefit.
Yeah, Instagram has like 50 employees, they’re not really a “large” company. And their CTO wrote Instagram, he’s got tech chops.
That is a tough technical trick there. Think of all the properties that message needs to meet: 1) encodes the new URL, 2) hides the URL, 3) looks like a normal post, 4) hashes to a specific value. I am really interested in the algorithms and compute time required to generate such a message. It feels like it would be hard to forge such a message.