back to article Ordinary web access request or command to malware?

A threat group that targets corporate emails is delivering dropper malware through a novel technique that uses Microsoft Internet Information Services (IIS) logs to send commands disguised as web access requests. The dropper, dubbed Geppei, is being used by a group Symantec threat researchers call Cranefly to install other …

  1. Version 1.0 Silver badge

    M' aI where?

    About 20 years ago I used to see virus deliveries once, or even occasionally twice, a month. Nowadays the corporate internet access is busy trying to stop more than 30 every day.

  2. Claptrap314 Silver badge

    Anything over anything

    This is another application of the AoA meta-protocol that I mentioned with the DNS-over-https stuff was first brought up. Honestly, the only surprise is that this appears to be new or at least rare.

  3. Wouldnyaliketoknow

    On those corporations where cranefly stayed the longest check the puts and calls activity to look for unusual volumes at some point before major stock valuation moves either up or down. This is an ideal way to steal valuable info such as pending mergers and acquisition activity. Millions of dollars can be made safely and easily. A possible way to trace Cranefly might be to identify unusual volume spikes in derivative trades such as puts and calls. Catch the hackers by sneaking up on them from a direction they would never expect lol, via the particular national securities and exchange commission anr specific stock market where the victimized corporation was registered Honestly this is the safest and best way to make money via hacking I have ever seen. probably they trace to an offshore wnnymous business entity in panama lol. They are busted now if anyone is willing to put the resources into looking into it.

  4. Wouldnyaliketoknow

    This is such a safe and ideal way to make guaranteed money that monetary gain must be the motive. Trading on inside information with leveraged, unhedged derivatives results in beaucoup bucks. My theory will be correct if Cranefly targets large cap corporations, since they have deep liquidity in their derivative markets. One might find some big whales behind this, an ingenious way to hack for profit, who thought they could never get caught. They are easier to catch in actuality than the dude who did the hacking.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like