
Doesn't malware have to do something other than e-mail an i.p. address? There has to be a slew of programs that do this all the time that don't disclose this functionality upfront. Well, I think Adobe was doing it, so maybe it is malware.
Malware has emerged from war-torn Syria targeting those protesting the rule of ISIS (ISIL, Islamic State, whatever the murderous humanity-hating fanatics are calling themselves these days.) The trivial Windows spyware, analyzed by University of Toronto internet watchdog Citizen Lab, was sent out in a small number of emails …
Not exactly the hardest stuff to sidestep but I suppose it requires knowing it's there. Even using a virtual machine could defeat it assuming you have the host provide NAT services for the guests. It wouldn't even be too difficult to run a virtual network that could provide a traceroute that takes them from Argentina to Zaire in the event they eventually think they are getting wise and look for that. Sure, you might not be able to properly resolve hampsterdance.com but sometimes freedom from the zombie jihad has a price.
I didn't put this in my post, because I didn't really read the article too closely :-/, but don't they already have targets in mind before sending them this random e-mail? You'd think that they'd already have a target in mind, so wouldn't the e-mail/malware be redundant? Otherwise, if they don't have a target in mind, wouldn't it almost literally be like shooting in the dark?
WTF ever. Amazingly, this "AdobeR1.exe" somehow gives malware a bad name. What makes the whole thing really sad for me is that they used "Adobe" in the filename, which might already be blocked by a shit ton of firewalls.
According to the article they sort of do have targets in mind. Essentially "people who don't like us on the Internet who might be reasonably local" but who could be anywhere, really.
The idea of trying to get the IP address of these targets is to narrow down the possible places they could be in meatspace because they don't really know who they are or where they are beforehand.
It is registered mainstream media launching wars and conflicts for puppet generals and the intellectually challenged and virtually inept and naive, Destroy All Monsters, although they be not alone in that venture.
And to imagine that they be called and/or think of themselves as the Elite and Powers That Be and a POTUS on a COTUS is definitely a massive delusion in a created illusion. And all that it takes with IT Command and Control and CyberSpace Savvy is the sharing of greater intelligence with those searching and appreciative of greater intelligence and virtual applications which realise practical presentation of future event scenarios.
Agree agree agree. But - the un-ISIS-enhanced version of Sharia law wouldn't prohibit scientific knowledge, in fact I'm pretty sure scholars in the Islamic world were pretty great with science and maths, the first to systematize algebra, decimals, the decimal point, they preserved for us the works of the classical Greek and Roman canon (although I honestly don't know what they were thinking when they allowed Ovid's Ars Amoris to be transcribed...).
Picture is an obvious fake, so no wonder it looks like the life of Brian. The beard, background and commando escort are photoshopped.
As far as the hairy bits, I am 100% with 17th-18th century Cossacks on how to deal with religious fanatics belonging to that particular persuasion. In first instance they shaved everything on one side (top to bottom) and "released into the community". For what they did in second instance you can see the history books. It did work as they had a virtually zero re-offend rate.
If it gets it from the PC, wouldn't it be 10.0.0.24 or something like that? Surely each PC in an internet cafe doesn't have a routable IP? The US having hogged the bulk of the IPv4 addresses may end up saving lives....talk about random unintended consequences!
Correct. For a detailed description on how the whole thing works:
https://citizenlab.org/2014/12/malware-attack-targeting-syrian-isis-critics/
For the IP address, in one of the steps it explains:
"Next, “rundl132.exe” performs an HTTP GET request to myexternalip.com and collects the external IP of the infected machine"
The result file they create is sent to an email address, so there goes an easy attempt to flood the b*stards with a list of a couple of blocks of class A addresses.
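Added example (not part of the thread or of the Citizen Lab report): Python detection logic for the behaviour quoted above, flagging a non-browser process that queries an external-IP lookup service and then opens a mail connection from the same host. The event format, browser allow-list, SMTP ports, five-minute window and all sample events are constructed assumptions; only `myexternalip.com` and `rundl132.exe` come from the quote.

```python
from datetime import datetime, timedelta

# Lookup service named in the quoted report; extend with others seen locally.
IP_LOOKUP_HOSTS = {"myexternalip.com"}
SMTP_PORTS = {25, 465, 587}   # assumption: the result file is mailed over SMTP
BROWSERS = {"firefox.exe", "chrome.exe", "iexplore.exe"}  # assumed allow-list
WINDOW = timedelta(minutes=5)  # assumed correlation window

# Constructed sample events: (time, host, process, dest_host, dest_port)
SAMPLE_EVENTS = [
    ("2014-12-18T09:00:01", "PC-07", "firefox.exe", "myexternalip.com", 80),
    ("2014-12-18T09:02:10", "PC-03", "rundl132.exe", "myexternalip.com", 80),
    ("2014-12-18T09:02:40", "PC-03", "rundl132.exe", "mail.example.net", 25),
    ("2014-12-18T09:30:00", "PC-05", "updater.exe", "myexternalip.com", 80),
    ("2014-12-18T10:45:00", "PC-05", "updater.exe", "mail.example.net", 587),
]

def find_lookup_then_mail(events, window=WINDOW):
    """Return (host, process, lookup_time, mail_time) for each non-browser
    process that queried an IP lookup service and then opened an SMTP
    connection from the same host within `window`."""
    parsed = sorted(
        (datetime.fromisoformat(t), h, p.lower(), d.lower(), port)
        for t, h, p, d, port in events
    )
    last_lookup = {}  # (host, process) -> time of most recent lookup
    hits = []
    for when, host, proc, dest, port in parsed:
        key = (host, proc)
        if dest in IP_LOOKUP_HOSTS and proc not in BROWSERS:
            last_lookup[key] = when
        elif port in SMTP_PORTS and key in last_lookup:
            # Only alert when the mail connection closely follows the lookup.
            if when - last_lookup[key] <= window:
                hits.append((host, proc, last_lookup[key], when))
            del last_lookup[key]
    return hits

if __name__ == "__main__":
    for host, proc, t_lookup, t_mail in find_lookup_then_mail(SAMPLE_EVENTS):
        print(f"{host}: {proc} looked up external IP at {t_lookup}, SMTP at {t_mail}")
```

On the constructed events only PC-03 is flagged: the browser lookup on PC-07 is ignored and the SMTP connection on PC-05 falls outside the window.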
'largely controlled by the Free Syrian Army and Kurdish forces'
Indeed, there are Kurdish forces, but there is no 'Free Syrian Army', they are all partying with IS or ISIL, Daesh, whatever you want to call it, or the weaker but similar groups.
I would request, as Reg policy, because it is not a rare given name for girls among more enlightened families in North Africa at least, please stop referring to this band of pigs as ISIS.