JavaScript Botnet Sheds Light On Criminal Activity

CowboyRobot writes "Informatica64, a security research group, demonstrated the use of cached JavaScript to control computers connecting to a malicious proxy. 'The researchers found a variety of low-level criminals using their proxy server: fraudsters posing as British immigration officials offering work permits in hopes of stealing money and sensitive documents from their victims; a man pretending to be a pretty woman on a number of dating sites to con victims into sending money for a plane ticket; and another fraudster selling nonexistent Yorkshire Terriers.'"

Really?

[Darkness404]

It is very likely that companies and governments are already using this technique to eavesdrop on criminal activity, Alonso said.

Really? How about them using it to eavesdrop on -everyone- regardless on if it is "criminal" or not. Plus, I'm sure governments have more invasive methods rather than just this.

Re:Really?

I was at this presentation-- it was a public access proxy. If you're going to risk sending information over a proxy *you do not run* then that is your own mistake.

Re:uh... only if you run it

[Culture20]

Nobody in their right mind runs javascript from random sites any more

Nobody cares except computer security professionals. Sure, I run noscript, adblock, and requestpolicy in FF, but no one else I know does unless I force them. Tons of sysadmins and low-level techs in the IT field don't even bother or know why they should care. So people who should have a clue are still running javascript (and flash, pdfs, and random exploit laden images from web ads) from random sites. What do you think that means about non-IT folk? They're all doing it, and only changing the browser defaults will do anything about it.