JavaScript Botnet Sheds Light On Criminal Activity
CowboyRobot writes "Informatica64, a security research group, demonstrated the use of cached JavaScript to control computers connecting to a malicious proxy. 'The researchers found a variety of low-level criminals using their proxy server: fraudsters posing as British immigration officials offering work permits in hopes of stealing money and sensitive documents from their victims; a man pretending to be a pretty woman on a number of dating sites to con victims into sending money for a plane ticket; and another fraudster selling nonexistent Yorkshire Terriers.'"
It is very likely that companies and governments are already using this technique to eavesdrop on criminal activity, Alonso said.
Really? How about them using it to eavesdrop on -everyone- regardless of whether it is "criminal" or not. Plus, I'm sure governments have more invasive methods rather than just this.
Taxation is legalized theft, no more, no less.
Yep, this is proof... Javascript is a real programming language.
"... and another fraudster selling nonexistent Yorkshire Terriers.'"
Bullshit. Yorkshire Terriers most certainly exist.
It shouldn't be a crime to sell nonexistent Yorkies. Just think of the ensuing peace and quiet of neighbors, because the would-be purchaser no longer has the cash for a real one. That man owes society nothing. Yay, society should reward him for performing such a public service.
I saw the talk at DEF CON this weekend.
One of my takeaways from this talk is that when certain sites such as youtube/imgur/slashdot/reddit are blacklisted due to corporate IT guidelines, people often go to proxies to circumvent this. So the net effect of blacklisting popular sites (besides being a pain) is to make your network less secure.
IMHO ... wasted bandwidth is better than getting hacked.
Nobody in their right mind runs javascript from random sites any more
Nobody cares except computer security professionals. Sure, I run noscript, adblock, and requestpolicy in FF, but no one else I know does unless I force them. Tons of sysadmins and low-level techs in the IT field don't even bother or know why they should care. So people who should have a clue are still running javascript (and flash, pdfs, and random exploit-laden images from web ads) from random sites. What do you think that means about non-IT folk? They're all doing it, and only changing the browser defaults will do anything about it.