Comments on: Trojan Blogs
https://whynow.dumka.us/2007/08/30/trojan-blogs/
On-line Opinion Magazine...OK, it's a blog
Sat, 01 Sep 2007 05:03:25 +0000

By: Bryan (Sat, 01 Sep 2007 05:03:25 +0000) https://whynow.dumka.us/2007/08/30/trojan-blogs/comment-page-1/#comment-29024

They are a scourge who should be hunted down and forced to use Vista.

By: Badtux (Sat, 01 Sep 2007 02:11:12 +0000) https://whynow.dumka.us/2007/08/30/trojan-blogs/comment-page-1/#comment-29022

One of these guys posted to my site. I of course turned off JavaScript, Java, and popups in Safari, followed the link to see where it went and found that it would load a .exe file. Which of course is useless on a Mac. The interesting thing is that the .exe file was hosted on *another* compromised machine, i.e., it’s a viral thing.

Anyhow, after I figured out the exploit I deleted the message off my blog, of course. So it goes. I’ll probably turn off anonymous posting this weekend while I’m away.

— Badtux the Spammed Penguin

By: Bryan (Fri, 31 Aug 2007 21:57:59 +0000) https://whynow.dumka.us/2007/08/30/trojan-blogs/comment-page-1/#comment-29016

I’ve been seeing this in comment spam recently, but my filters have been catching it.

By: Sunny (Fri, 31 Aug 2007 21:15:00 +0000) https://whynow.dumka.us/2007/08/30/trojan-blogs/comment-page-1/#comment-29015

Thanks for posting this… I had a couple of weird posts that I now attribute to this nonsense… I deleted them and, I hope, all is now fine.

By: Bryan (Fri, 31 Aug 2007 17:09:03 +0000) https://whynow.dumka.us/2007/08/30/trojan-blogs/comment-page-1/#comment-29011

They are a significant drag on ‘Net resources and I fully expect extortion to follow at some point, i.e. send us money or your site goes down, similar to the bomb threats against businesses that have been traced back to Portugal.

It’s another form of terrorism.

By: Steve Bates (Fri, 31 Aug 2007 06:18:32 +0000) https://whynow.dumka.us/2007/08/30/trojan-blogs/comment-page-1/#comment-29002

Thanks for the heads-up; I’ll post something about it when I’m wider awake tomorrow.

I’ve been thinking about the sheer sophistication of many of the attacks these days. I received an email yesterday that made it through the spam filters. I was almost sure it was spam or worse… almost… so I… no, I didn’t open it; I used a tool available in my webmail to view the source without opening it. It was a multipart/mixed message with a multipart/alternative (the usual text/plain and text/html) as the first part and a GIF file of some sort, referred to from the text/html, as the second part. The alternative texts contained poetry… not bad; it may have been copied from legitimate poetry somewhere, though it was rather chopped up. So the payload must have been in the GIF file. An ad? A faulty GIF designed to infect via a buffer overrun of some sort? I’ll never know, because ultimately I did not attempt to open the mail.

For professional purposes I’ve learned quite a bit about the internals of MIME-structured email. If I, knowing what I know, had difficulty determining if that message was spam, or perhaps something more hazardous, what chance does an ordinary user have? If their a/v software catches it when they open it, that’s great. If not…

I agree with your assessment of these gang members, though I increasingly believe it’s no longer clever script kiddies, but capable adult programmers who intend to use their ‘bot networks for profitable criminal purposes. As you know, I oppose the death penalty, but if anyone could make me change my mind, it’s these people… murder can be committed without premeditation, but hacking is always intentional, and while it may not kill people, it can certainly destroy their lives.

I also worry about politically motivated hacking, and not just of voting machines. But I’ll save that for another day.
