
posted by janrinok on Monday May 23 2016, @08:42PM
from the curiouser-and-curiouser dept.

Submitted via IRC for TheMightyBuzzard

HelpNetSecurity reports

In May 2016, the Special Investigations team at Forcepoint revealed the existence of a botnet campaign that is unique in targeting a very small number of individuals while in tandem, herding thousands of victims into general groups.

The discovery, known as Jaku, offers vital insight into the workings and characteristics of a botnet, as well as specific understanding of a targeted attack that differs from the scattergun approach of broader botnet activities. It also sheds light onto why the victims of botnets are targeted, and how their usage of pirated or counterfeit software and movies leaves them vulnerable to attack.

Regarding the victims, the analysis claims:

We saw strange, unexplainable variants in the geographic distribution of botnet victims, but could pinpoint that they were being targeted both geographically and linguistically. We don't know specifically how, as data came in from all over the world, but the fact that there were no victims all across Russia, other than a scattering in Moscow, suggests this could be a language-focused attack.

We also found that the number of corporate victims was low and the attackers were allowed much less dwell time within corporate systems than non-corporate systems. Less than 1% of computers affected were a member of a Microsoft Windows domain, and the vast majority of victims appear to be people using unlicensed versions of software and cracked versions of Codex used to watch illegally downloaded movies. Indeed, more than half of the victims' computers were running counterfeit copies of Microsoft Windows.



This discussion has been archived. No new comments can be posted.
  • (Score: 2) by VLM on Monday May 23 2016, @09:36PM

    by VLM (445) Subscriber Badge on Monday May 23 2016, @09:36PM (#350034)

    Indeed, more than half of the victims' computers were running counterfeit copies of Microsoft Windows.

    It's easier to get a cracked copy than to suffer thru product activation and genuine advantage BS.

    cracked versions of Codex

    codecs? I'm not up on windows software so there could be a proprietary paid mplayer wrapper named Codex but otherwise I'd file this one as an editing error. Maybe even a speech2text transcription error.

    • (Score: 2) by looorg on Monday May 23 2016, @10:28PM

      by looorg (578) on Monday May 23 2016, @10:28PM (#350052)

      The people infected by the Jaku botnet did so because they did not care about their personal hardware or using cracked versions of Windows software and Codex for videos, and probably were not using any anti-virus software or firewall.

      How do they know they didn't care? They might just not know any better. I was also stumped by the mention of Codex -- some piece of media player I never heard of; considering it seems to be a very language-specific bot-net, that could be the case, but as you did I also think it's just an odd form of codec or codeces (or is it just codecs?). That said, didn't cracked codecs go out of fashion when DIVX wasn't a scene standard anymore? As noted, it could be some standalone player with some built-in stuff I just never heard of.

      None of us being naturally gifted at Asian languages, automated translation from Japanese and Korean into English eventually led to some fairly bizarre animated pornography and a significant amount of copyright theft in the form of videos and cracked software

      I guess since I'm not in Japan or into tentacle porn that could explain it. Perhaps it's some specific piece of squidpornosoftware.

      • (Score: 2) by bitstream on Monday May 23 2016, @11:30PM

        by bitstream (6144) on Monday May 23 2016, @11:30PM (#350061) Journal

        Squid with tentacles almost seems like malware sucking juice from one's computer... ;-)

        Next: Malporn! :p

        • (Score: 0) by Anonymous Coward on Tuesday May 24 2016, @02:13AM

          by Anonymous Coward on Tuesday May 24 2016, @02:13AM (#350110)

          Squid girl?! [duckduckgo.com] So that's her latest plot to save marine biomes!

          (Yes, this is an actual anime. Not hentai.)

    • (Score: 1) by nethead on Monday May 23 2016, @11:58PM

      by nethead (4970) <joe@nethead.com> on Monday May 23 2016, @11:58PM (#350070) Homepage

      Cracked Codex? Like this: https://en.wikipedia.org/wiki/Codex#/media/File:The_War_Scroll_-_Dead_Sea_Scroll.jpg [wikipedia.org]

      Other point: activating some Windows installs is dead simple, like an enterprise HP kit, just load the OEM disk and it activates. It seems the CPU is what they track.

      --
      How did my SN UID end up over 3 times my /. UID?
    • (Score: 2) by frojack on Tuesday May 24 2016, @01:22AM

      by frojack (1554) on Tuesday May 24 2016, @01:22AM (#350093) Journal

      Yes, those things occurred to me as well. These targeted people don't sound all that tech savvy, and don't sound like they have a Domain admin watching out for them.

      But I also have to admit this sounds a little like Microsoft BS to me.

      TFA's author is in the business of selling security and blocking tools to schools and government https://en.wikipedia.org/wiki/Forcepoint [wikipedia.org]
      And the wiki article seems to suggest they take a pretty imprecise and heavy-handed approach to their solutions.

      One wonders just what tools they are trying to sell to suppress the dread JAKU, a word which exists nowhere else on the internet except those sites pointing back to Forcepoint.

      --
      No, you are mistaken. I've always had this sig.
      • (Score: 1) by Scruffy Beard 2 on Tuesday May 24 2016, @02:46AM

        by Scruffy Beard 2 (6030) on Tuesday May 24 2016, @02:46AM (#350123)

        Well, because they are so intrusive, that may allow them to detect a "stealthy" bot-net.

        Your post reads as if you think they made the whole thing up.

        • (Score: 2, Insightful) by anubi on Tuesday May 24 2016, @05:04AM

          by anubi (2828) on Tuesday May 24 2016, @05:04AM (#350154) Journal

          "They" made the whole thing up - well, a lot of us have been having that nagging suspicion for a long time now.

          A "high-tech protection racket" if you will.

          Frojack just laid the cards on the table, face up.

          --
          "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
      • (Score: 0) by Anonymous Coward on Tuesday May 24 2016, @11:29AM

        by Anonymous Coward on Tuesday May 24 2016, @11:29AM (#350248)

        First thing that came up for me was an album by DJ Krush (never heard of 'im). Here I was thinking Star Wars.

  • (Score: 0) by Anonymous Coward on Wednesday May 25 2016, @06:58PM

    by Anonymous Coward on Wednesday May 25 2016, @06:58PM (#350901)

    I have three Windows licences and have never had a legitimate installation for more than a few hours.

    First thing one does after buying a computer?
    Reinstall the OS to get rid of all the shit that comes preinstalled.

    When trying to download an installer from MS's website I found out that the keys I have aren't supported; the website agrees they're legitimate keys, but doesn't provide downloads for those types of keys.

    "Fuck you, you can use the software, but only if you can find a copy!"

    I wonder how many "counterfeit copies" are being used under a valid licence.