back to article It's never good when 'Magecart' and 'bulletproof' appear in the same sentence, but here we are

A growing crop of so-called bulletproof hosting companies are using the ongoing civil war in Ukraine to host Magecart malware without fear of the police coming knocking. Researchers with security shop Malwarebytes say that the data-exfiltration and hosting servers used by Magecart operations to collect harvested card details …

  1. ds6
    FAIL

    As much as I feel for the Ukranians thrust into such an unscrupulous situation, and as much as I hate those for taking advantage of it, I mostly find myself in awe of the number of sysops that still to this day in current year cannot properly configure their servers.

    1. Anonymous Coward
      Anonymous Coward

      That, plus looking at logfiles. Even on the small WP sites we monitor we now see more attempts to reach rather interesting URLs in the 404 logs from Ukraine as we saw from the previous contender for the top on our logfiles, any OVH site in the world.

      Generally, the holders of those sites are quite OK with us setting up a geo block for Ukraine as they don't do any business there.

  2. seven of five Silver badge

    All fun and games until they rip off the wrong ones

    Or rather, the wrong ones spouse/kids. Then "bulletproof" might be put to the test. Lawless works both ways.

    1. Anonymous Coward
      Anonymous Coward

      Re: All fun and games until they rip off the wrong ones

      Yes, just wait 'til they rip-off some Russian oligarch whose friends have a spare cruise missile...

  3. Pascal Monett Silver badge

    "the storage bucket [..] was left facing the public internet with no security protections"

    Well then, it seems to me that the problem is not actually Magecart.

    You can hardly complain about being robbed when you leave the front door wide open. Of course, this problem exists because everything Internet is made to be as simple as possible. Create your web site in one click ! The goal is get people to subscribe, not to ensure they do so securely. And people are not security-minded, not to mention that many, if not most, have no idea what they are supposed to pay attention to.

    It should be easy to prevent any web site from going live as long as the passwords are still default, but hey, that would be bothering the customer and we can't have that, now can we ?

    So we have Magecart instead.

    1. Doctor Syntax Silver badge

      Re: "the storage bucket [..] was left facing the public internet with no security protections"

      "You can hardly complain about being robbed when you leave the front door wide open."

      It's not those leaving the front door who are being robbed, it's their customers.

      1. Claptrap314 Silver badge

        Re: "the storage bucket [..] was left facing the public internet with no security protections"

        Ahem. Their customers who are running random javascript...

  4. Doctor Syntax Silver badge

    "The use of bulletproof hosting is particularly bad in the case of Magecart, as it eliminates one of the more effective means of stopping the infection - disabling command and control servers."

    It doesn't stop the re-assignment of the IP addresses of the DCs concerned. OK, it takes out anything co-hosted there but of the DC operators want to get back into business then they have to clean up, assuming they can given that they're in bandit territory.

    1. Bronek Kozicki

      The trick is to perform a quick whois query to find the block, then block the whole block.

      1. Anonymous Coward
        Anonymous Coward

        On review, we just swung a geo block in place on the whole country. We'll revisit that when we are looking at doing business there, which is rather unlikely (not our focus).

  5. DeeCee

    Its not rally civil war in Ukraine

    Its russian invasion of Ukraine, you know duck test and all

  6. phuzz Silver badge

    Are these servers actually located in the front lines? Or is that where the physical address is, perhaps with the traffic being routed somewhere a little less shooty?

  7. Anonymous Coward
    Holmes

    No Shit Sherlock

    Luhansk was a hotbed of internet crime long before the war, as any Russian/FSU Internet Dating site user will tell you.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like