Russian malware communicates by leaving comments in Britney Spears's Instagram account

doctorow · 2017-06-08 01:46:45 UTC

Originally published at: http://boingboing.net/2017/06/07/watering-holes.html

…

ficuswhisperer · 2017-06-07 16:59:25 UTC

Well that’s clever.

g_wat · 2017-06-07 17:01:27 UTC

I’m not even mad, I’m impressed. That is extremely clever.

ActuallyARegular · 2017-06-07 17:03:30 UTC

Yup. Novel and new, but in the past things like IRC channels, XMPP users, AIM users, etc. all have been used for C&C channels. Very much an evolution, and authors thinking, “where, where else can we put this stuff?”

TobinL · 2017-06-07 17:04:07 UTC

Well they are not going to be using for much longer now…

ficuswhisperer · 2017-06-07 17:09:21 UTC

Agreed. I consider myself an out of the box thinker but this makes me step back and say

anonymous86 · 2017-06-07 17:08:19 UTC

This explains all YouTube comments

Richard_Kirk · 2017-06-08 09:36:23 UTC

Aah, but Teresa May is to be the new sheriff, and she’s gonna clean up Internet Town, she sure is, I betcha. A couple of new laws and all this stuff is gonna be history…

…my arse.

kthejoker · 2017-06-07 17:22:18 UTC

So many key rotation opportunities - different accounts, false trails, etc.

But the surface vector is really low - Instagram could just strip all zero-width-characters from their comments with a single API update.

semiotix · 2017-06-07 17:22:31 UTC

Thi‍S is inter‍Esti‍Ng, but har‍Dly a ‍New form of comm‍Unication for malware. In‍Deed, w‍Ebsite comment thread‍S have been used this way for years.

Akimbo_NOT · 2017-06-07 17:29:07 UTC

Steganography is sad.

Medievalist · 2017-06-07 17:35:20 UTC

c48fb42bbf6d108a44c6c9cf48cd209c.jpg736×736 105 KB

angusm · 2017-06-07 17:31:56 UTC

Oops, they did it again.

tekk · 2017-06-07 18:07:33 UTC

…and then break all the languages, like arabic, which rely on zero width characters.

cstatman · 2017-06-07 18:21:57 UTC

reminds me of the old site about Brittney teaching physics - - http://britneyspears.ac/lasers.htm

jimp · 2017-06-07 18:35:40 UTC

You are assuming they or indeed any large company gives a damn, has the tech chops to understand what you just said (at management levels) and can be convinced/forced to spend even ten cents on something that isn’t a profit center.

People can’t get some of these places to install basic security patches let alone actually write custom code for someone else’s benefit.

hecep · 2017-06-07 18:43:50 UTC

Britney Spears and Instagram.

Excellent! Never been there. Never done that.

kthejoker · 2017-06-07 18:47:17 UTC

Feature, not a bug? #PoesLaw

kthejoker · 2017-06-07 18:50:09 UTC

Yeah, Instagram has like 50 employees, they’re not really a “large” company. And their CTO wrote Instagram, he’s got tech chops.

MrWoods · 2017-06-07 19:08:02 UTC

That is a tough technical trick there. Think of all the properties that message needs to met 1) encodes the new URL 2) hides the URL 3) looks like a normal post 4) hashes to a specific value. I am really interested in the algorithms and compute time required to generate such a message. It feels like it would be hard to forge such a message.