Vigilante Sabotages Malware Botnet By Replacing Payloads With Animated GIFs (zdnet.com) 16

An anonymous reader writes: An unknown vigilante hacker has been sabotaging the operations of the recently-revived Emotet botnet by replacing Emotet payloads with animated GIFs, effectively preventing victims from getting infected. The sabotage, which started on July 21, has grown from a simple joke to a serious issue impacting a large portion of the Emotet operation, reducing the biggest malware botnet today to a quarter of its daily capabilities.

Since the attack started, the vigilante has replaced Emotet payloads with this Blink 182 "WTF" GIF, a James Franco GIF, and the Hackerman GIF from the Kung Fury movie.

The article points out this is all possible because Emotet stashes its malware on WordPress sites they've breached with web shells — all of which have the exact same password.

  • Emotet is yet another thing where it would certainly be a lot harder for it to spread if email clients just didn't make URLs/attachments into clickable links full stop. Why is this a lesson that email clients haven't yet learned?

    • Because users are fickle things that want the links to be clickable.

    • Emotet sounds like an Egyptian prince with very straight black hair with blonde or platinum highlights. Blink-182 was more pop-punk though.

    • Why is this a lesson that email clients haven't yet learned?

      In open source email clients you usually just click the check box in the user preferences.

      Commercial email clients choose not to offer the feature. For reasons.

      Don't click the link. Go to the place, and view it on the site. Click on it there.

    • by AC-x ( 735297 )

      it would certainly be a lot harder for it to spread if email clients just didn't make URLs/attachments into clickable links full stop

      I think the kind of users who fall for malware links would quite happily paste unknown URLs into their browser [wikipedia.org] if email clients didn't have clickable links.

  • by SuperKendall ( 25149 ) on Sunday July 26, 2020 @02:50PM (#60333487)

    Myself, I would have included the classic Jurassic Park AH AH AH [funny115.com] - GIF.

  • The Internet isn't an extant jurisdiction. Geographical descriptors don't overlay well, and geographically-based police are usually useless for this work.

    • Put it under the UN Security Council. Turn the Internet into a one world government with veto power in the hands of the US, Russia, China, France, and the UK.

  • This is the kind of thing that makes me happy to be part of geek culture. It's the best parts of humanity showing up in the worst places. And doubly awesome that the person decided to use something funny (the Hackerman one seems particularly fitting).

  • Where are all the comments pointing out that the vigilante is breaking the law? Where are the questions about whether courts should allow some law breakers and not others?

    If the vigilante is discovered to be a part of the original malicious botnet crew who had a change of heart, do they still get our approval?

    AC, it's your time to shine! Are you a vigilante? THE vigilante? When someone takes credit for this, how do we respond?

    • They're not necessarily even breaking *any* law. Those WordPress sites just have a thing on them where you can upload anything you want. That backdoor was put there by the hackers. The WordPress sites are basically broken, and where exactly is the written law that says you can't upload stuff to broken websites?

      • Just to explain things, hackers broke some WordPress sites, and put a thing in there where you can upload a file. They upload instructions for their botnet there. Then the botnets know to go to that specific URL to get their instructions. What this guy did was merely erase their instructions on the WordPress site and put an animated gif there. All the guy is actually guilty of is posting the gifs.
