Pawn Storm Group Makes Trend Micro IP Address a C&C Server 45
An anonymous reader writes: Following Trend Micro's disclosure of Russian hacking group Pawn Storm's 7-year campaign against military-industrial targets in and related to the United States, the security company has today announced that one of the IP addresses it owns has been 'designated' by the hackers as a C&C server for their spear-phishing scenario. The intent of the DNS record redirection, according to the company, is likely to be to convince others that it has been hacked (which it hasn't), or else to push one of its IP addresses into administrative blacklists.
who's fooling who (Score:2)
Re: (Score:2)
We have a popular YouTube video which suddenly started getting jibberish comments on it. I'm pretty sure someone's using the comments section as a C&C server.
Battle-Scarred Usenet Veteran (Score:2)
"C&C"
I always read that as "coffee and cats."
Pawn Storm Group Makes Trend Micro IP Address a Coffee and Cats Server
YMMV.
--
BMO
Re: (Score:3, Insightful)
I read this as...
Pawn Storm Group Makes Trend Micro IP Address a Command and Conquer [wikipedia.org] server.
Cool, which game client do they support?
Re: (Score:1)
The story just above this one is "Paralyzed Man Hits the Streets of NYC In a New Exoskeleton", now I have "Mechanical Man" stuck in my head.
Command and Conquer (Score:5, Funny)
I thought they were hosting a game server for a minute.
Command and control isn't as exciting.
Re: (Score:1)
But I'm curious about C&C1. I was really good at it with my people at my university, but I'd be curious to see how it holds up if it was laddered. Its probably imbalanced really badly, but it is hard to be more imbalanced than C&C3 wh
Re: (Score:2)
Well, Command & Control is real life. :P
Rick Harrison has a buddy.... (Score:3)
So the Pawn Store is dealing with old RTS game servers?
What?
Re: (Score:1)
Well that is what they get for replacing there IT guy with an h1b
and his buddy Marco Rubio wants have an massive increases in the number of H-1b guest-worker
Re: (Score:1)
Since the summary is impenetrably obfuscated (Score:5, Informative)
Here's the narrative:
- Trend Micro documented a 0-day Java exploit, leading to it's patching http://blog.trendmicro.com/tre... [trendmicro.com]
- The hacking org Operation Pawn Storm that was using the exploit got all pissy, and redirected a domain that computers infected with their malware contact, pointed it to an IP address in Trend Micro.
The domain names contacted for command and control instructions are usually randomly encoded and encrypted, and rotate on a regular basis. The crackers know what the next domain name to be used is, but they are hard to deduce from the binary. Infected systems will likely move on to contacting the next domain/ip looking for remote control instructions in hours/days.
Re: (Score:2)
microsoft security essentials has a more comprehensive detection library than trend micro and doesn't fuck up your hard disk access times.
maybe pawn storm is trend micro. wouldn't surprise me.
Re: (Score:1)
https://www.av-test.org/en/antivirus/home-windows/
Sort by protection. Behold.
Are you sure about that? I'm a hardcore MSE user and I'm getting worried, unfortunetely everything I've tried amounts to being overcomplicated. Avira was good, but it blocked all file I/O for 20 seconds on boot. Everything else either has a download.com or cnet.com download link and tries to install toolbars and other shit, or is non free.
Also like to add that on most of the virustotal samples I look through that get posted by vari
Re: (Score:2)
Re: (Score:2)
Go! Spammers! (Score:1)
Why wouldn't they also add Kaspersky, McAfee, Norton, AVG, Avira, etc to their next batch.
Fuck, why not add 74.125.21.* and 207.46.163.* to thei C&C list. I wonder if the Google Air Force, or Microsoft have any atomic bombs to drop on Spamhaus?
Re: (Score:2, Informative)
No, as a C&C server address in their bot, so as to send C&C traffic to a TrendMicro ip address in an attempt to get Spamhaus et al to add the /24 to the blocklist.
Re: (Score:2)
Seems like this is a great opportunity for Trend to sinkhole some traffic or capture the C and C traffic for analysis and to help with remediation efforts and notifying owners of networks with infected systems.
Said owners will then be endeared to Trend for helping them and possibly purchase Trend products or tell their friends about it etc