the “trojan horse” 2.0 strategy

by erik on January 15, 2010

Beware the bling-bling


Ahh yes. Depending on our age, when we hear the phrase “Trojan Horse”, one of two images comes to mind.

For some, it’s the classic “original” Trojan Horse scenario, in which the Greek forces surrounding the City of Troy built a gigantic wooden horse statue as a symbol to “honor” Troy for surviving despite a 10 year siege. They pretended to sail away, and the citizens of Troy were lured by the bling bling left behind. After the population collapsed in a drunken stupor, a hatch opened up in the Horse and an elite squad of Greeks poured out to open the city gates and let in their comrades, who had returned under the cover of darkness.

The other form of “Trojan Horse” is the one most of my tech-related readers know about: some kind of virus or application which opens a hole in your system’s guarded firewall to allow access from the internet.

While not necessarily a “new” strategy, one of my clients recently became a victim of (what I call) “Trojan Horse 2.0”. I’m branding it “2.0” merely because it takes advantage of the push by online groups to “connect” with customers and to remove the stodgy brick and mortar maze which confronts / confounds customers.

The attack came in two parts.

Part A was that the attacker had somehow managed to gain access to my client’s website. I highly doubt that they were able to crack an FTP account, so I’m more focused on the likelihood of the attacker using a known vulnerability on the website host. Once they gained entry, the attackers created a hidden folder named with 3 dots (e.g. “…”) and dumped several binaries inside it.

Part B was to send a message via the contact form on the same website with a bogus plea for help, claiming that there was a problem trying to hit one of the pages on the website. Sure enough, the URL they claimed was giving them problems was in fact a link to one of the binaries in the “…” hidden folder. The URL appears to be legit: it’s coming from the client’s domain and it contains a known path of my client’s website. The only “warning” sign is the 3-dotted folder.
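Two checks a site owner can run against this pattern, written here as an added example (not code from the original post or the client’s site): one flags contact-form URLs whose path contains a dot-only directory segment, the other walks the web root looking for dot-only directories and lists what they hold. The web root is a constructed temporary tree that mirrors the incident.

```python
from __future__ import annotations
import os
import re
import tempfile
from urllib.parse import urlparse, unquote

# A path segment made only of dots (three or more; "." and ".." are normal
# filesystem entries) is the warning sign described in the post: it hides in
# a casual directory listing and looks harmless inside an otherwise legitimate URL.
DOT_ONLY = re.compile(r"^\.{3,}$")

def dot_only_segments(url: str) -> list[str]:
    """Return the dot-only path segments of a URL (empty list if none).

    The path is percent-decoded first so "%2E%2E%2E" is caught as well.
    """
    path = unquote(urlparse(url).path)
    return [seg for seg in path.split("/") if DOT_ONLY.match(seg)]

def is_suspicious_link(url: str) -> bool:
    """True when a URL (e.g. one pasted into a contact form) points into a dot-only folder."""
    return bool(dot_only_segments(url))

def find_dot_only_dirs(webroot: str) -> dict[str, list[str]]:
    """Walk the web root and map each dot-only directory (relative path) to the files inside."""
    findings: dict[str, list[str]] = {}
    for dirpath, _dirnames, filenames in os.walk(webroot):
        if DOT_ONLY.match(os.path.basename(dirpath)):
            findings[os.path.relpath(dirpath, webroot)] = sorted(filenames)
    return findings

def build_sample_webroot() -> str:
    """Constructed sample tree: a normal /images folder plus a planted /images/.../ with binaries.

    Assumes a POSIX filesystem, where "..." is a legal directory name.
    """
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "images", "..."))
    os.makedirs(os.path.join(root, "css"))
    for rel in (("images", "photo.jpg"), ("css", "site.css"),
                ("images", "...", "update.exe"), ("images", "...", "viewer.scr")):
        open(os.path.join(root, *rel), "w").close()
    return root

if __name__ == "__main__":
    root = build_sample_webroot()
    print(find_dot_only_dirs(root))  # {'images/...': ['update.exe', 'viewer.scr']}
    print(is_suspicious_link("http://example.com/images/.../update.exe"))  # True
```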

Long story short, I notified my client and recommended that they bring this up immediately with their hosting provider. Case closed. My client is happy again and back in the land of productivity.
