Last Saturday, January 27th, the New York Times published a detailed article on the sales of automated likes and follows by an American company called Demuvi. The same day, a New York attorney general announced that he opened an investigation on the company, which sold millions of fake followers on social networks. Some of these fake followers stole real users' data such as pictures and profile descriptions. The news article relates to the research we’ve conducted on the botnet Linux/Moose and the ego market it is thriving in. This blog post contextualizes the New York Times' article with our own experience.
Our own Olivier Bilodeau will be presenting with Thomas Dupuy of ESET Canada Reseach about malware affecting "Internet of Things" (IoT) devices. A free event hosted by OWASP Montréal in downtown Montreal.
The presentation will be in French with the slides in English.
Here is the abstract:
More and more devices are connected to the Internet. Under the moniker "Internet of Things" (IoT) these "things" generally run an embedded Linux system of the MIPS or ARM architecture. The unresolved problem of software updates and short vendor support cycle combined with the lack of effort into systems security and application security makes these devices an easy target. This last year we have analyzed several malware samples targeting these architectures. Internet accessible embedded systems are being compromised via vulnerabilities (like Shellshock) or because of their weak default configuration.
Our presentation will cover some of the analysis we performed:
- - Linux/Moose, a malware that propagates by itself and perform social network fraud on Twitter, Facebook, Instagram and more
- - LizardSquad and foreign actors that are leveraging embedded systems to perform distributed denial of service attacks (DDoS)
- - Win32/RBrute, desktop malware that changes router settings in order to infect more victims. This is distributed by the Sality botnet.
- - An Exploit Kit that leverages router vulnerabilities through a Web browser to perform "DNS poisoning"
Finally, some advice will be given to the audience in order to help protect themselves, their organizations and their families.