Twitter + Pastebin = malware update

From Botnets.fr
Jump to navigation Jump to search

(Publication) Google search: [1]

Twitter + Pastebin = malware update
Botnet Sninfs
Malware
Botnet/malware group
Exploit kits
Services
Feature
Distribution vector
Target
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol Twitter, Paste-platform
Date 2009 / 2009-08-17
Editor/Conference Symantec
Link http://www.symantec.com/connect/blogs/twitter-pastebin-malware-update (Archive copy)
Author Patrick Fitzgerald
Type Blogpost

Abstract

Debian.net and Rifers.org are both legitimate sites and it was a little surprising to see them both in this context. A closer look shows that both of these URLs seem to be using the pastebin feature of the Debian and Rifers sites. Pastebins give Web users the ability to upload arbitrary text in order to share information. Pastebins exist on many sites across the Internet and any one of these sites could have been selected by the attackers in order to host their malicious payloads. It’s likely the Debian and Rifers sites were selected because of the trust associated with their brand. There is little these sites can do to mitigate this type of misuse of a legitimate service provided by their sites.

Bibtex

 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2009BFR2222,
   editor = {Symantec},
   author = {Patrick Fitzgerald},
   title = {Twitter + Pastebin = malware update},
   date = {17},
   month = Aug,
   year = {2009},
   howpublished = {\url{http://www.symantec.com/connect/blogs/twitter-pastebin-malware-update}},
 }