Okay, ignoring the obvious suckiness of it all, that's actually pretty cool.
Favicons used to update world's 'most dangerous' malware
Developer Jakub Kroustek has found new features in the dangerous Vawtrak malware that allow it to send and receive data through encrypted favicons distributed over the Tor network. The AVG security bod reveals the features in a report (pdf) into the malware which is considered one of the worst single threats in existence. He …
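The mechanism the report describes, a favicon that carries an encrypted payload, is easy to reproduce in miniature. The block below is an added example, not code from the Vawtrak report, from AVG or from Kroustek: it writes a minimal 16x16 PNG, hides a length-prefixed ciphertext in the least-significant bit of each pixel byte, recovers it again, and then shows two checks a defender can run on a fetched favicon. The cover icon, the message, the key and the keystream (SHA-256 in counter mode, a toy stand-in for whatever cipher a real sample uses) are all constructed for the example; the LSB placement is one common steganographic layout, not a claim about where this particular malware puts its data.

```python
"""Added example: an LSB covert channel in a PNG favicon, plus two defender-side checks.
Not code from the Vawtrak report or from AVG. The cover icon, message, key and the
toy keystream are constructed for illustration."""
import hashlib
import struct
import zlib

W = H = 16  # 16x16 RGB icon: 768 cover bytes, so 768 LSBs = 96 bytes of hidden payload


def _chunk(tag, data):
    body = tag + data
    return struct.pack(">I", len(data)) + body + struct.pack(">I", zlib.crc32(body) & 0xFFFFFFFF)


def png_encode(pixels):
    """Minimal PNG writer: 8-bit RGB, filter type 0 on every scanline."""
    raw = b"".join(b"\x00" + pixels[y * W * 3:(y + 1) * W * 3] for y in range(H))
    ihdr = struct.pack(">IIBBBBB", W, H, 8, 2, 0, 0, 0)
    return (b"\x89PNG\r\n\x1a\n" + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b""))


def png_decode(data):
    """Minimal PNG reader for files produced by png_encode; returns the raw RGB bytes."""
    if data[:8] != b"\x89PNG\r\n\x1a\n":
        raise ValueError("not a PNG")
    pos, idat = 8, b""
    while pos < len(data):
        length, tag = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        if tag == b"IHDR" and struct.unpack(">IIBB", body[:10]) != (W, H, 8, 2):
            raise ValueError("unsupported image layout")
        if tag == b"IDAT":
            idat += body
        pos += 12 + length
    raw = zlib.decompress(idat)
    stride = W * 3 + 1
    if any(raw[y * stride] != 0 for y in range(H)):
        raise ValueError("only filter type 0 is handled")
    return b"".join(raw[y * stride + 1:(y + 1) * stride] for y in range(H))


def keystream(key, n):
    """Toy keystream: SHA-256(key || counter). Illustrative only, not a recommended cipher."""
    blocks = (hashlib.sha256(key + struct.pack(">I", i)).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def xor_crypt(key, data):
    """XOR with the keystream; the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def embed(cover, key, msg):
    """Hide len(msg) (2 bytes) + ciphertext in the LSBs of the cover bytes, MSB-first."""
    payload = struct.pack(">H", len(msg)) + xor_crypt(key, msg)
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("payload exceeds cover capacity")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def extract(stego, key):
    """Reverse of embed: read the LSBs, recover the length, decrypt the ciphertext."""
    def take(nbytes, offset):
        return bytes(sum((stego[offset + 8 * i + j] & 1) << (7 - j) for j in range(8))
                     for i in range(nbytes))
    (n,) = struct.unpack(">H", take(2, 0))
    return xor_crypt(key, take(n, 16))


def lsb_plane(pixels):
    """Pack the LSB of every byte into a bitstring."""
    return bytes(sum((pixels[8 * i + j] & 1) << (7 - j) for j in range(8))
                 for i in range(len(pixels) // 8))


def lsb_compressibility(pixels):
    """Defender check 1: compressed size of the LSB plane relative to its raw size.
    A structured icon has a plane that compresses well; ciphertext does not."""
    plane = lsb_plane(pixels)
    return len(zlib.compress(plane, 9)) / len(plane)


def lsb_only_change(baseline, fetched):
    """Defender check 2: against a known-good copy of the icon, report whether the fetched
    copy differs only in bits that leave the visible image unchanged."""
    if len(baseline) != len(fetched) or baseline == fetched:
        return False
    return all(((a ^ b) & 0xFE) == 0 for a, b in zip(baseline, fetched))


def sample_cover():
    """Constructed gradient icon standing in for a site's real favicon (every LSB is 0)."""
    return bytes(c & 0xFF for y in range(H) for x in range(W)
                 for c in (x * 16, y * 16, (x + y) * 8))


if __name__ == "__main__":
    key = b"shared-secret"  # constructed
    msg = b"sample-a.onion,sample-b.onion,sample-c.onion,sample-d.onion,sample-e.onion"  # constructed
    icon = png_encode(embed(sample_cover(), key, msg))  # what the distribution point would serve
    print(extract(png_decode(icon), key))               # what the client recovers
    print(round(lsb_compressibility(sample_cover()), 2), round(lsb_compressibility(png_decode(icon)), 2))
    print(lsb_only_change(sample_cover(), png_decode(icon)))
```

The two checks are deliberately cheap. The compressibility ratio is only meaningful relative to a baseline (a real icon's LSB plane is never perfectly flat the way the constructed gradient is), and the second check depends on having a known-good copy of the favicon to compare against; in practice that means recording the hash of each site's icon the first time it is seen and alerting when a later fetch returns different bytes for the same visible image.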
COMMENTS
Wednesday 25th March 2015 17:25 GMT Crazy Operations Guy
Pass simple messages through oppressive government firewalls? Set it up so that a regular law-abiding news site would encode a link to their 'revolutionary' site that is constantly moving and changing domain names. It would be nearly impossible for the government to figure out where the links are coming from, and they would be forced to play whack-a-mole on the actual counter-government site.
You could also incorporate a checksum of the page you are viewing to determine if content has been injected or modified.
Friday 27th March 2015 12:46 GMT Michael Wojcik
Side channel is side channel. This isn't even a particularly clever one. Other malware has used HTTP image retrieval as a side channel; it's just one way to disguise your C&C traffic. It's a lot less ambitious than, say, IP over DNS, and even that is pretty obvious to anyone with an IT-security background.
People have used power consumption and timing as covert channels. They've used process IDs as covert channels. They've used apparent typographical errors in text as covert channels. Researchers showed that modem activity lights leaked enough information to be inadvertent side channels, so it wouldn't be surprising if someone tried using them deliberately as a covert channel.
Every channel is a potential covert channel. If it transfers information, someone's going to try to use it for something other than its intended purpose.
Wednesday 25th March 2015 07:10 GMT Sarah Balfour
Darren Pauli, see me after class!
"You'll know YOUR infected…"
Darren, please correct the above, and then write it 1,000 times in your lunch break. Well, that's what used to happen when I was at school: basic spelling and grammar errors were an instant detention.
Reg, sack yer sub-ed - oh, wait, you don't HAVE a sub-ed, do ya…? Well off with yer ed, then!
Wednesday 25th March 2015 07:55 GMT I. Aproveofitspendingonspecificprojects
What will the stooopid do?
It must take intelligence to run a net of bots, yet I still end up a winner of stuff like this:
......Your e-mail has been AWARDED the sum of (2.5)MIILLION EUR(OS). Requested Details.
Name:
Last Name:
Ph:
We await your response. Regards,Mrs Vicente Dora.
Can't make up their minds how to say how much it is, don't even know who won, and the lousy spelling and grammar don't inspire me to believe I am more clever than people who are going to be duped by me.
So how do they mastermind all this shit?
And what's a Ph: ?
Friday 27th March 2015 12:56 GMT Michael Wojcik
Re: What will the stooopid do?
the lousy spelling and grammar don't inspire me to believe I am more clever than people who are going to be duped by me
Microsoft Research's Cormac Herley published a paper a few years back arguing that there's an economic advantage to making untargeted spam and phishing messages deliberately stupid. It reduces the number of responses from people who are going to later wise up and stop corresponding before the phisher extracts money from them. The paper's worth reading - it treats phishing as a binary classification problem.
Herley, with Dinei Florêncio, also argued, back in 2008, that phishing is a low-cost, low-skill, low-profit endeavor and that the profit from it is hugely overestimated. Once in a while someone gets a big payout - the stories that show up in the news - but for the most part it's basically subsistence scavenging. So it's generally not done by the people who create the malware or own the botnets. They lease their resources to the hordes of small-time phishers.