Posts tagged botnet
Once there was a fox that wanted to eat a turtle, but whenever he tried to, it withdrew into its shell. He bit it and he shook it, but he wasn’t getting anywhere. One day he had an idea: he made the turtle an offer to buy its shell. But the turtle was clever and knew it would be eaten without this protection, so it refused. Time passed, until one day there appeared a television hanging in a tree, displaying images of flocks of happy, naked turtles – flying! The turtle was amazed. Oh! They can fly! But wouldn’t it be dangerous to give up your shell? Hark, the voice on television was announcing that the fox had become a vegetarian. “If I could only take off my shell, my life would be so much easier,” thought the turtle. “If the turtle would only give up its shell, it would be so much easier to eat,” thought the fox – and paid for more broadcasts advertising flying turtles. One morning, when the sky seemed bigger and brighter than usual, the turtle removed its shell. What it fatally failed to understand was that the aim of information warfare is to induce an adversary to let down its guard. (In 1998, Sergei P Rastorguev, a Russian military analyst, published Philosophy of Information Warfare, which included a lengthy version of this anecdote)
We noticed that this extension was distributed through a compromised Swiss security company website. Unsuspecting visitors to this website were asked to install this malicious extension. The extension is a simple backdoor, but with an interesting way of fetching its C&C domain. The extension uses a bit.ly URL to reach its C&C, but the URL path is nowhere to be found in the extension code. In fact, it will obtain this path by using comments posted on a specific Instagram post. The one that was used in the analyzed sample was a comment about a photo posted to the Britney Spears official Instagram account.