
Phishing Blast Uses Dropbox To Target Hong Kong Journalists (csoonline.com) 12

itwbennett writes: Researchers at FireEye have disclosed an ongoing phishing campaign targeting pro-democracy media organizations in Hong Kong that's using Dropbox storage services as a command and control (C2) hub, writes CSO's Steve Ragan. 'The attacks are using basic emails trapped with documents that deliver a malware payload called LowBall,' says Ragan. 'LowBall is a basic backdoor that uses a legitimate Dropbox storage account to act as a C2.'
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward

    "LowBall is a basic backdoor that uses a legitimate Dropbox storage account to act as a C2. The malware uses the Dropbox API with a hardcoded bearer access token and can upload, download, and execute files."

    So it's part of Dropbox's API to execute files on a remote machine? What. The. Fuck.

  • by Anonymous Coward on Tuesday December 01, 2015 @02:20PM (#51034963)

    Ingeniously, the submitter-spammer created the title link pointing to the blogspam at csoonline.com, while burying the link to the real story (the actual, no-bullshit security analysis) at fireeye.com in the submitted text. While the human reader (assuming RTFA) may perhaps be not biased against taking the latter one, the title link, although without any rel= attribute, has class attribute "story-sourcelnk", which will likely induce a typical search engine AI to assign the semantics "source" (or similar) to the role of the link, hence boosting the target, spam site csoonline's ratings.

    On slashdot, another regular submitter-spammer is StartsWithABang, with its links to the ad-infested spam site forbes.com, which is designed to break the logical semantics of hyperlinks and to force the readers to open the so-called "story" by first going through a landing page. The "story" itself, again, is at best blogspam that re-narrates another story without adding any new knowledge or insight.

    Remember the days when the (late) prolific blogger Roland Piquepaille (rpiquepa) used to submit articles pointing to his own blog entries that indirectly reported on other news stories. Although the quality of Roland's writings was, in today's standard, far above slashdot average, such behavior used to generate the ire of slashdot readership who would assign, with ignominy, the tag "dierolanddie" to his submissions.

    Reading the slashdot obituary of Roland (http://meta.slashdot.org/story/09/01/09/1456216/roland-piquepaille-dies) and its comments, it is clear how less the remnant of the slashdot community cares about the quality of the submissions now, compared to how it used to do in Roland's times.

    If one reads further down the comments, it is even apparent that the (former) editor, kdawson, who was once widely reviled as an editor-troll, personally verified the news of Roland's death before posting it. This level of editorial integrity, although a basic prerequisite of the content custodian's post, is nowhere to be seen in today's so-called editors, who have consistently demonstrated their unwillingness to do basic content screening, the reluctance to say "no" to blatant blogspams in the submission, and the apathy towards the intellectual satisfaction of the readers.

    Formerly a hub of information, slashdot has regressed into a nexus of spam and traffic-manipulation SEO hacks.

    I wish to call on the remaining editors of slashdot to reflect upon this change and to take a little time cherishing the memory of what has been lost. You were once part of the fond memory (if not collective unconsciousness) of the community, and you used to wield significant power of discretion and disposition, despite imperfections, for the benefit of the readers and the greater Internet. You cannot say honestly that you are satisfied with the current situation which is by no means even a shadow of its former self. It is within your ability, in spite of corporate entanglements, to begin regaining recognition, and most importantly readers' trust, by rejecting frequent spammers like itwbennett and StartsWithABang, and favor submissions that offer direct links to original content, and refrain from linking to mass-produced, second-hand, self-centered parodies of "information".

    The road to success is accessed by aligning your interests with those of the readers, within whom there is naturally a force of self-betterment by absorbing information worthy of intellectual digestion. You have deviated from that road, down to the wasteland of oblivion, and I hope you will regain your lost steps.

  • 'The attacks are using basic emails trapped with documents that deliver a malware payload called LowBall'

    Do these email trapping documents work on anything else except Microsoft Windows?
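
The summary and the first comment quote the description of LowBall calling the Dropbox API with a hardcoded bearer token. As an added example (not from the FireEye report or from this thread), the script below flags Dropbox API traffic in proxy logs that comes from a process other than the sync client. The log layout, the API hostnames, the process allowlist and the sample lines are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Dropbox API hostnames (assumption: adjust to the API hosts seen in your proxy logs).
DROPBOX_API_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com"}
# Hypothetical allowlist of processes expected to call the Dropbox API.
ALLOWED_PROCESSES = {"dropbox.exe"}

# Constructed sample proxy log: time, workstation, process, dest host, method, path
SAMPLE_LOG = """\
2015-12-01T09:00:01,ws-014,Dropbox.exe,api.dropboxapi.com,POST,/2/files/list_folder
2015-12-01T09:00:07,ws-022,chrome.exe,www.dropbox.com,GET,/home
2015-12-01T09:01:13,ws-031,updater.exe,content.dropboxapi.com,POST,/2/files/download
2015-12-01T09:01:15,ws-031,updater.exe,content.dropboxapi.com,POST,/2/files/upload
2015-12-01T09:06:13,ws-031,updater.exe,content.dropboxapi.com,POST,/2/files/download
"""

def find_unexpected_api_clients(log_text):
    """Return {(workstation, process): [paths]} for Dropbox API calls made by
    processes that are not on the allowlist."""
    hits = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6:
            continue  # skip blank or malformed lines
        _ts, host, proc, dest, _method, path = row
        if dest.lower() not in DROPBOX_API_HOSTS:
            continue  # browser traffic to www.dropbox.com is not API use
        if proc.lower() in ALLOWED_PROCESSES:
            continue  # the sync client is expected to use the API
        hits[(host, proc)].append(path)
    return dict(hits)

def summarize(hits):
    """One finding per client, noting whether it both fetched and sent files."""
    findings = []
    for (host, proc), paths in sorted(hits.items()):
        ops = {p.rsplit("/", 1)[-1] for p in paths}
        findings.append({
            "workstation": host, "process": proc, "requests": len(paths),
            "two_way": {"upload", "download"} <= ops,
        })
    return findings

if __name__ == "__main__":
    for finding in summarize(find_unexpected_api_clients(SAMPLE_LOG)):
        print(finding)
```

A client that is not the sync application and both downloads and uploads through the API is worth a closer look on the endpoint, since the traffic itself goes to a legitimate service and will not stand out by destination alone.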
