Slashdot Mirror


Russian Malware Communicates Using Britney Spears's Instagram Account (welivesecurity.com)

JustAnotherOldGuy writes: A key weakness in malicious software is the "Command and Control" (C&C) system -- a central server that the malware-infected systems contact to receive updates and instructions, and to send stolen data. Anti-malware researchers like to reverse engineer malicious code, discover the C&C server's address, and then shut it down. Turla is an "advanced persistent threat" hacking group based in Russia with a long history of attacking states in ways that advance Russian state interests. A new analysis by Eset shows that Turla is solving its C&C problems by using Britney Spears' Instagram account as a cut-out for its C&C servers. Turla moves the C&C server around, then hides the current address of the server in encrypted comments left on Britney Spears's image posts. The compromised systems check in with Spears' Instagram whenever they need to know where the C&C server is currently residing.

54 comments

  1. Nothing to see by Anonymous Coward · · Score: 0

    YM9gtsXkFn9AnYoUWD6nfRX8zRAuXqHXNjk0==

    1. Re:Nothing to see by jfdavis668 · · Score: 2

      09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

    2. Re: Nothing to see by Anonymous Coward · · Score: 0

      Thanks for the SMB game genie code. You are a life saver.

    3. Re: Nothing to see by Anonymous Coward · · Score: 0

      Wow I had lost those memories!

  2. OMG, it all makes sense now by Anonymous Coward · · Score: 0

    Britney Spears hacked the election!

    1. Re:OMG, it all makes sense now by Anonymous Coward · · Score: 0

      Russians hacked my refrigerator and made my milk spoil early!

    2. Re:OMG, it all makes sense now by Anonymous Coward · · Score: 0

      It was for the benefit of the Russian Federation that your milk is spoiled. Now you have to buy new milk from their suppliers that are owned by the GRU generals. Or else.

    3. Re:OMG, it all makes sense now by Anonymous Coward · · Score: 0

      IN SOVIET RUSSIA, your refrigerator hacks YOU!

      And milk makes YOU spoil early!

      What a country!

    4. Re:OMG, it all makes sense now by Paradise+Pete · · Score: 1

      > Now you have to buy new milk from their suppliers that are owned by the GRU generals.

      I was once eaten by a GRU. I don't think it was carrying any milk though.

    5. Re:OMG, it all makes sense now by K.+S.+Kyosuke · · Score: 1

      > And milk makes YOU spoil early!

      No, that's China and their melamine milk.

      --
      Ezekiel 23:20
    6. Re: OMG, it all makes sense now by Anonymous Coward · · Score: 0

      I use GRU/Linux

    7. Re:OMG, it all makes sense now by gnick · · Score: 1

      It must have been dark. When it is pitch dark, you are likely to be eaten by a grue.

      --
      He's getting rather old, but he's a good mouse.
  3. Good use for it by jfdavis668 · · Score: 1

    I don't think anyone else if following it.

    1. Re:Good use for it by war4peace · · Score: 1

      You forgot the Then and the Else.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    2. Re:Good use for it by war4peace · · Score: 1

      Well, okay, only the Else.

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    3. Re:Good use for it by war4peace · · Score: 2

      No, wait, only the Then. Conditionals are hard, man...

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
    4. Re:Good use for it by jfdavis668 · · Score: 1

      If only I spelled "is" correctly, otherwise I get roundly ridiculed.

    5. Re:Good use for it by Anonymous Coward · · Score: 0

      I could see this evolving in the future to software on your computer simply looking everywhere on the internet for pictures of Britney Spears (use some image recognition algorithms), then commenting data gibberish where they appear. In other words, make it resistant to Britney Spears simply shutting down her Twitter account/etc. She'd essentially have to disappear from the internet to stop the virus. And that's just fine by me!

    6. Re:Good use for it by war4peace · · Score: 1

      C'mon, I was thirsty for a bad joke, and since nobody provided, I had to invent my own :)

      --
      ...gis sdrawkcab (usually not responding to ACs; don't bother posting as AC)
  4. I demand... by OpenSourced · · Score: 2, Funny

    ...that the links of Britney Spears with the Russian counterintelligence and propaganda units are investigated.

    --
    Rome taught me patience and assiduous application to detail. Virtues which temper the boldness of great, general views.
    1. Re:I demand... by Anonymous Coward · · Score: 1

      Britney Spears is the reason Hillary lost!

    2. Re:I demand... by Anonymous Coward · · Score: 0

      So Goatse is the reason Trump won? Dammmmn.

    3. Re: I demand... by Anonymous Coward · · Score: 0

      We need somebody with a mouth like that?

  5. Whoa by beep54 · · Score: 4, Funny

    This is funny, nifty and frightening, all at the same time!

    1. Re:Whoa by locotx · · Score: 5, Funny

      Sorta like Britney Spears

  6. Woah! by Frosty+Piss · · Score: 3, Funny

    The Russians compromise yet another Great American! WHEN WILL IT ALL END?

    --
    If you want news from today, you have to come back tomorrow.
    1. Re: Woah! by Spicy-korsair25 · · Score: 1

      Then explain Kanye West. If the Russians aren't controlling him, who is? The Chinese? North Koreans? Aliens?

    2. Re: Woah! by Anonymous Coward · · Score: 0

      Cats. It has to be cats... Russian cats?

    3. Re: Woah! by Anonymous Coward · · Score: 0

      Those Egyptian hairless cats. They are retaking their throne as gods of earth.

    4. Re: Woah! by Opportunist · · Score: 1

      Nobody.

      Simple logic. Controlling something, even the most insignificant, simplest of things, requires resources. Now ponder who would waste, well, anything on THAT.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  7. Britney Spears... by 93+Escort+Wagon · · Score: 2

    Evil Mastermind.

    --
    #DeleteChrome
  8. Oops by Anonymous Coward · · Score: 0

    I done it again...

  9. Obligatory... by R3d+M3rcury · · Score: 5, Funny
    1. Re:Obligatory... by ausekilis · · Score: 1

      How dare YOU, sir. The humanity.

  10. I'm not a girl... by king+neckbeard · · Score: 1

    I'm not a girl, not yet a botnet.

    --
    This is my signature. There are many like it, but this one is mine.
  11. OOPS! by Anonymous Coward · · Score: 0

    They did it again.

  12. Oops by Anonymous Coward · · Score: 0

    I did it again.

  13. Awesome :D by Anonymous Coward · · Score: 1

    That's actually a really good idea. Bonus if they use some kind of steganographic algorithm (perhaps for any word with more than 2 letters, an even number of vowels = 0, odd = 1), making it impossible to moderate or screen comments. More celebrities' social network feeds should be used in this way!

    01010101 = You and I should play some musical games baby :D

    I should patent this.

    1. Re:Awesome :D by Anonymous Coward · · Score: 0

      From TFA it sounded like it was a two-fold thing. First they made it so that when the message was hashed it came out to a particular number, and then they used a Unicode non-displayed joiner symbol in front of each of the letters that was part of the extracted URL, so it could be pulled out with a simple regex.

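One way a defender could screen comments for the joiner-marked dead drop described in the reply above, as an added example written for this thread (not code from the ESET report or from the malware itself). It assumes only that the hidden characters are the ones immediately following a U+200D zero-width joiner; the sample comments and the hidden string are constructed, and the hash check the reply mentions is not reproduced.

```python
import re

# U+200D ZERO WIDTH JOINER renders as nothing, so a comment can carry
# markers in front of the characters that make up the hidden URL fragment.
ZWJ = "\u200d"

# Capture the single character that sits directly behind each joiner.
AFTER_ZWJ = re.compile(ZWJ + r"(.)", re.DOTALL)


def extract_hidden(comment: str) -> str:
    """Recover the characters marked by a zero-width joiner.

    Legitimate emoji sequences (family emoji, skin tones) also use ZWJ,
    so only ASCII-printable characters are kept: a URL fragment is ASCII,
    an emoji component is not. This keeps benign emoji from being flagged.
    """
    return "".join(ch for ch in AFTER_ZWJ.findall(comment)
                   if 0x21 <= ord(ch) <= 0x7E)


def is_carrier(comment: str, min_len: int = 4) -> bool:
    """A comment is a likely carrier when the recovered string is long
    enough to be a shortener path rather than stray emoji residue."""
    return len(extract_hidden(comment)) >= min_len


def scan(comments):
    """Return (index, hidden_text) for every comment that looks like a carrier."""
    return [(i, extract_hidden(c)) for i, c in enumerate(comments) if is_carrier(c)]


# Constructed samples (not taken from the report). The third comment reads
# normally but has a joiner before the first letter of six words; the hidden
# string "ab12cd" stands in for the path of a shortener URL.
SAMPLES = [
    "love this pic!!! \U0001F468\u200d\U0001F469\u200d\U0001F467",  # family emoji, benign ZWJ
    "omg so pretty",
    "\u200dabsolutely the \u200dbest, \u200d1st class, \u200d2nd to none, \u200dcan't \u200ddeal",
]

if __name__ == "__main__":
    for idx, hidden in scan(SAMPLES):
        print(f"comment {idx}: hidden fragment {hidden!r}")
```

Feeding real comment exports through `scan` gives a quick triage list; anything with a long run of joiner-marked ASCII deserves a closer look even when the comment text itself reads as harmless.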
  14. Apostrophe catastrophe by Anonymous Coward · · Score: 2, Funny

    Sigh... Britney Spears' Instagram account, not Britney Spears's Instagram account. You got it right in the summary at least.

    1. Re:Apostrophe catastrophe by Daetrin · · Score: 1

      The extra "s" was part of the encrypted message to our new Russian overlords.

      --
      This Space Intentionally Left Blank
  15. Apple have already patented it by Anonymous Coward · · Score: 0

    How to control your home devices using celebrity instagram accounts...

  16. Oops they did it again by Anonymous Coward · · Score: 0

    Nm

  17. Who? by Anonymous Coward · · Score: 0

    Who?

    1. Re:Who? by Opportunist · · Score: 1

      I think it's some has-been stripper. Not sure, though.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  18. More BS. by Anonymous Coward · · Score: 0

    How did this crap get posted up on slash dot? Evidence is key to journalism.

    1. Re:More BS. by Anonymous Coward · · Score: 0

      > Evidence is key to journalism.

      The summary says "new analysis by Eset shows". ESET NOD is a Czech-Slovakian anti-virus firm with a good reputation; they have been around since about 1988. (The company's name is actually an acronym for the title of a hospital-drama themed Czech TV series from the mid-1980s, when the region was still in the Soviet bloc.) ESET is a smaller AV company, but they are known for having written the core of their protection suite in hand-coded assembler for speed.

      > How did this crap get posted up on slash dot?

      What is so unbelievable about the story? Malware using Instagram visitor comments to do C-and-C communications is not much different from malware using Twitter for the same purpose. Except Britney's account is less likely to be shut down over malware-made comments, while a purely malicious Twitter stream won't last hours.

    2. Re:More BS. by alexgieg · · Score: 2

      > they are known for having written the core of their protection suite in hand-coded assembler for speed-up.

      That was back then. I loved using NOD32 back in the version 2.x days; it was hands down the fastest anti-virus around, so light it seemed my computer wasn't running an anti-virus at all. Then in later versions they stopped doing that. Version 3.x was as bloated and slow as the other anti-virus products on the market. I kept using v2 until it stopped being supported, and then I moved on.

      --
      Conservatism: (n.) love of the existing evils. Liberalism: (n.) desire to substitute new evils for the existing ones.
  19. notoriously effective by Anonymous Coward · · Score: 0

    It's been a while since I've seen such an effective use of crapware (Britney Spears channel) to distribute malware!

  20. slashdot censored this by Anonymous Coward · · Score: 0

    I tried to leave a clever Google-translated Britney-themed comment but Slashdot wouldn't let me.

  21. Link goes to a different fucking story by Nyder · · Score: 1

    Link goes to a different story.

    Seems like either someone got trolled or the editors suck and no one else bothered to click on the link.

    --
    Be seeing you...
    1. Re:Link goes to a different fucking story by Nyder · · Score: 1

      ah shit, nm, not my best day so far, I'm wrong.

      --
      Be seeing you...
  22. C&C servers this uses to block in hosts by Anonymous Coward · · Score: 0


    APK

    P.S.=> Per source article some claim to be clean but you never know (if you don't use 'em, block 'em)... apk