Forgot your password?
typodupeerror
Crime Security IT

JavaScript Botnet Sheds Light On Criminal Activity 50

Posted by samzenpus
from the surfing-dirty dept.
CowboyRobot writes "Informatica64, a security research group, demonstrated the use of cached JavaScript to control computers connecting to a malicious proxy. 'The researchers found a variety of low-level criminals using their proxy server: fraudsters posing as British immigration officials offering work permits in hopes of stealing money and sensitive documents from their victims; a man pretending to be a pretty woman on a number of dating sites to con victims into sending money for a plane ticket; and another fraudster selling nonexistent Yorkshire Terriers.'"
This discussion has been archived. No new comments can be posted.

JavaScript Botnet Sheds Light On Criminal Activity

Comments Filter:
  • Really? (Score:5, Insightful)

    by Darkness404 (1287218) on Sunday July 29, 2012 @08:36PM (#40812951)

    It is very likely that companies and governments are already using this technique to eavesdrop on criminal activity, Alonso said.

    Really? How about them using it to eavesdrop on -everyone- regardless on if it is "criminal" or not. Plus, I'm sure governments have more invasive methods rather than just this.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      I was at this presentation-- it was a public access proxy. If you're going to risk sending information over a proxy *you do not run* then that is your own mistake.

    • Re:Really? (Score:4, Funny)

      by girlintraining (1395911) on Sunday July 29, 2012 @09:17PM (#40813271)

      Plus, I'm sure governments have more invasive methods rather than just this.

      Yes, in the sage words of Jon Stewart, "I'm sure big government feels its largest when it's in your anus."

  • by Anonymous Coward on Sunday July 29, 2012 @08:36PM (#40812963)

    Yep, this is proof... Javascript is a real programming language.

  • by Anonymous Coward on Sunday July 29, 2012 @09:08PM (#40813197)

    "... and another fraudster selling nonexistent Yorkshire Terriers.'"

    Bullshit. Yorkshire Terriers most certainly exist.

    • "... and another fraudster selling nonexistent Yorkshire Terriers.'"

      Bullshit. Yorkshire Terriers most certainly exist.

      But *he* wasn't selling real ones.

      • some folks would not believe that Foo/Temple Dogs exist even if a Tibetan Mastif took a chunk out of their hind end.

        (hint here the TM is what inspired the legend of the Temple Dogs and in fact do the same job in real temples)
        (as to the existence of actual magical Temple Dogs just ask any fans of The Dresden Files about "Mouse")

  • by Anonymous Coward on Sunday July 29, 2012 @10:01PM (#40813559)

    It shouldn't be a crime to sell non-existant Yorkies. Just think of the ensuing peace and quiet of neighbors, because the would-be purchaser no longer has the cash for a real one. That man owes society nothing. Yay, society should reward him for performing such a public service.

  • by tofupup (14959) on Sunday July 29, 2012 @10:11PM (#40813617)

    i saw the talk a def con this weekend.

    one of my take ways from this talk is when certain sites such as youtube/imgur/slashdot/reddit are
    black listed due to corporate IT guidelines people often go to proxies to circumvent
    this. So the net effect of black listing popular sites (besides being a pain) is to make your
    network less secure.

    imho ... wasted banwidth is better than getting hacked.

  • by bosef1 (208943) on Sunday July 29, 2012 @11:03PM (#40813879)

    Well, it looks like organized crime has found its own Etsy and Craigslist. I suppose it just demonstrates how the power of just-in-time communication and office automation can be an assest, even on the black market.

  • If all the communication is encrypted using SSL, which not only encrypts but authenticates all data, I don't see how a poisoned javascript file can get passed to the client.
  • ...for every nonexistent Yorkshire Terrier I'd had to chase out of my back garden I'd have millions.

    • by fatphil (181876)
      If the RIAA and MPAA had a dollar for every nonexistent Yorkshire Terrier that pirates had illegally downloaded from the internet, they'd be large and rich enough to be dangerously influential.

Mathematicians stand on each other's shoulders. -- Gauss

Working...