Phishing Blast Uses Dropbox To Target Hong Kong Journalists (csoonline.com)
itwbennett writes: Researchers at FireEye have disclosed an ongoing phishing campaign targeting pro-democracy media organizations in Hong Kong that's using Dropbox storage services as a command and control (C2) hub, writes CSO's Steve Ragan. 'The attacks are using basic emails trapped with documents that deliver a malware payload called LowBall,' says Ragan. 'LowBall is a basic backdoor that uses a legitimate Dropbox storage account to act as a C2.'
Isn't that the Anglo name? What's it called in Hong Kong?
Gosh, who would stand to benefit from their loss? Or, who would gain in P.R. from the 'attack'?
If only they were using Mac OS X. This would not happen.
Apps!
"LowBall is a basic backdoor that uses a legitimate Dropbox storage account to act as a C2. The malware uses the Dropbox API with a hardcoded bearer access token and can upload, download, and execute files."
So it's part of Dropbox's API to execute files on a remote machine? What. The. Fuck.
Ingeniously, the submitter-spammer created the title link pointing to the blogspam at csoonline.com, while burying the link to the real story (the actual, no-bullshit security analysis) at fireeye.com in the submitted text. While the human reader (assuming RTFA) may perhaps be not biased against taking the latter one, the title link, although without any rel= attribute, has class attribute "story-sourcelnk", which will likely induce a typical search engine AI to assign the semantics "source" (or similar) to the role of the link, hence boosting the target, spam site csoonline's ratings.
On slashdot, another regular submitter-spammer is StartsWithABang, with its links to the ad-infested spam site forbes.com, which is designed to break the logical semantics of hyperlinks and to force the readers to open the so-called "story" by first going through a landing page. The "story" itself, again, is at best blogspam that re-narrates another story without adding any new knowledge or insight.
Remember the days when the (late) prolific blogger Roland Piquepaille (rpiquepa) used to submit articles pointing to his own blog entries that indirectly reported on other news stories. Although the quality of Roland's writings was, in today's standard, far above slashdot average, such behavior used to generate the ire of slashdot readership who would assign, with ignominy, the tag "dierolanddie" to his submissions.
Reading the slashdot obituary of Roland (http://meta.slashdot.org/story/09/01/09/1456216/roland-piquepaille-dies) and its comments, it is clear how much less the remnant of the slashdot community cares about the quality of the submissions now, compared to how it used to do in Roland's times.
If one reads further down the comments, it is even apparent that the (former) editor, kdawson, who was once widely reviled as an editor-troll, personally verified the news of Roland's death before posting it. This level of editorial integrity, although a basic prerequisite of the content custodian's post, is nowhere to be seen in today's so-called editors, who have consistently demonstrated their unwillingness to do basic content screening, the reluctance to say "no" to blatant blogspams in the submission, and the apathy towards the intellectual satisfaction of the readers.
Formerly a hub of information, slashdot has regressed into a nexus of spam and traffic-manipulation SEO hacks.
I wish to call on the remaining editors of slashdot to reflect upon this change and to take a little time cherishing the memory of what has been lost. You were once part of the fond memory (if not collective unconsciousness) of the community, and you used to wield significant power of discretion and disposition, despite imperfections, for the benefit of the readers and the greater Internet. You cannot say honestly that you are satisfied with the current situation which is by no means even a shadow of its former self. It is within your ability, in spite of corporate entanglements, to begin regaining recognition, and most importantly readers' trust, by rejecting frequent spammers like itwbennett and StartsWithABang, and favor submissions that offer direct links to original content, and refrain from linking to mass-produced, second-hand, self-centered parodies of "information".
The road to success is accessed by aligning your interests with those of the readers, within whom there is naturally a force of self-betterment by absorbing information worthy of intellectual digestion. You have deviated from that road, down to the wasteland of oblivion, and I hope you will regain your lost steps.
'The attacks are using basic emails trapped with documents that deliver a malware payload called LowBall'
Do these email trapping documents work on anything else except Microsoft Windows?
YOU BLEW IT BADLY HERE especially -> http://slashdot.org/comments.p...
See subject & my last post you replied to Coren22: BIND doesn't come w/ Windows, the most used OS there is by the most folks on the desktop!
(LMAO - I own you... YOU, have been DOMINATED!)
APK
P.S.=> Your efficiency is poor - Less IS truly MORE in using what you already have (hosts + firewalls) as I do, & to do more with less... apk
Coren22 IMPERSONATES RESPECTED MEMBERS OF THE SECURITY COMMUNITY http://slashdot.org/comments.p...
---
"privilege escalation's a bad thing" - by Coren22 on Tuesday September 22, 2015
How else programmatically update it?
"requires elevation to write hosts" - by Coren22 (1625475) on Wednesday September 23, 2015
Hypocrite later admits it - hosts do vs. WFP/SFP not my ware. Users set it not programmatic impersonation. Security wares need it.
---
"secretary at MalwareBytes took a look at his source code & said it looked all good" - by Coren22 (1625475) on Wednesday November 18, 2015
Mr. Steven Burn of Malwarebytes
"yes I've seen the code & yes it is safe." FROM http://forum.hosts-file.net/vi...
---
"we should avoid your crap it looks like malware." - by Coren22 (1625475) on Monday November 02, 2015 @03:52PM (#50850445)
60++ reputable sources say different:
64-bit model https://www.virustotal.com/en/...
+
32-bit model https://www.virustotal.com/en/...
&
Installer-> http://f.virscan.org/APKHostsF...
MalwareBytes' hpHosts Admin (MalwareBytes employee) hosts & recommends it -> http://hosts-file.net/?s=Downl...
---
"MiTM... his software provides" - by Coren22 (1625475) on Wednesday November 18, 2015
Hardcoded favs users provide = REVERSE DNS verified & my ware filters 5,500++ false positives - security site hosts data = false positives filtered.
---
"Apk doesn't think DNS servers are worth running & believes Microsoft Active Directory can run w/out DNS." - by Coren22 (1625475) on Tuesday October 27, 2015
Show us where I say it? Not illogic logic but where I say it. I say AD needs internal DNS far back as 2007
http://forums.tweaktown.com/wi...
See "To warn users who have ActiveDirectory/AD LAN-WAN setups to NOT use external DNS servers" there.
APK
P.S.=>
"modding you down for trolling in your signature" - by Dog-Cow (21281) on Wednesday November 25, 2015
Dog-Cow's (old acc't. no new sockpuppet from you) thoughts of your signatures about me
... apk