# malware in Britney Spears Instagram Photos!



## DeathtoGnomes (May 8, 2019)

> developed malware that hid its control mechanism inside comments posted on Britney Spears' Instagram photos



https://www.zdnet.com/article/russi...hell-of-a-clever-microsoft-exchange-backdoor/

Not surprised hacks are still used in photos.



> However, Kaspersky only described the tool in brief.






> In addition, if anyone had any doubts LightNeuron was the work of Russian hackers, ESET researchers said that in the cases they investigated they found that Turla operators only sent commands to backdoored servers during a typical 9-to-5 workday in the UTC+3 (Moscow) timezone, and took a break from all operations between December 28, 2018, and January 14, the typical Christmas and New Year holidays for Eastern Orthodox Christians --Russia's main religion.



Kaspersky basically blew this off and allowed it to continue without much of the fanfare something like this usually causes. However, this says they might have a hand in it.

I'm betting some email copies were sent to WikiLeaks.


----------



## Vayra86 (May 8, 2019)

Britney Spears of all people. I was in elementary school when that was a thing...

Dayum time goes fast


----------



## rtwjunkie (May 8, 2019)

It's amazing that after almost 20 years her pics are still targeted with infections. They used to be at the top of the list.


----------



## Nuke Dukem (May 8, 2019)

So this is basically the Anna Kournikova picture worm on steroids


----------



## sepheronx (May 8, 2019)

Nuke Dukem said:


> So this is basically the Anna Kournikova picture worm on steroids



Funny how a picture of a tennis star infected millions of computers.

She is a beauty I guess.


----------



## Solaris17 (May 8, 2019)

Vayra86 said:


> Britney Spears of all people. I was in elementary school when that was a thing...
> 
> Dayum time goes fast





rtwjunkie said:


> It's amazing that after almost 20 years her pics are still targeted with infections. They used to be at the top of the list.





Nuke Dukem said:


> So this is basically the Anna Kournikova picture worm on steroids



I bet as steganography techniques get more advanced we see more and more infections like this. I mean in a social media driven internet it would have a huge audience. Especially if the payload was complex, it could be WannaCry timeline levels of infection.


----------



## Steevo (May 9, 2019)

Solaris17 said:


> I bet as steganography techniques get more advanced we see more and more infections like this. I mean in a social media driven internet it would have a huge audience. Especially if the payload was complex, it could be WannaCry timeline levels of infection.




Always on top of this. Your idea could bring the internet down, multiple payloads that DDOS the servers they are from cascading into Instagram DDOSing itself through users or Facebook. Download a photo and your device starts fetching a list of other pictures to download and run malware distributed on user devices.


----------



## moproblems99 (May 9, 2019)

rtwjunkie said:


> It's amazing that after almost 20 years her pics are still targeted with infections. They used to be at the top of the list.



Herpes is the gift that keeps on giving you know.

Sorry, that was mean.


----------



## johnspack (May 9, 2019)

I think most of us in this forum would know not to dl things like that.  But Britney Spears?  Really?


----------



## Solaris17 (May 9, 2019)

Steevo said:


> Always on top of this. Your idea could bring the internet down, multiple payloads that DDOS the servers they are from cascading into Instagram DDOSing itself through users or Facebook. Download a photo and your device starts fetching a list of other pictures to download and run malware distributed on user devices.



Gets even more crazy when you think about what a picture is at its core. A means to deliver information. Why stop at pictures of the hot new topic? What about infecting air gapped networks? Like those that have been hit before. I'm not talking about pics of Brad Pitt, I'm talking about infecting the .jpg's for the blow out diagrams of sensitive equipment. Even more detrimental since internal systems (like running CnC machines etc) are seldom patched or updated.

Goes even further too. Getting to know your audience right? A picture of the duchess' new baby will infect a lot of people that browse casually, you might not infect a lot of people with repair manuals for SCADA systems. But you can do a lot of damage by finding popular pictures in a specific field.

For example. Do you want to infect the internal/management network and bypass all the VLANs? No problem. Anyone that knows what a crimper is on this forum has seen this picture.






Find yourself onsite or in the DC out of pre-molded cables and you need to throw one together really quick. I'll bet you're not connected to the guest network when looking this up.

Now you own hospital systems, delivery management networks, *banks*, etc. etc.


----------



## moproblems99 (May 9, 2019)

Solaris17 said:


> what about infecting air gapped networks?



That's what microphones, speakers, and UHF are for.


----------



## Bill_Bright (May 9, 2019)

There's some misinformation being presented here. 

Note the article points out that the backdoor malware was hidden in the comments of the Britney Spears photos. Not in the photos themselves. Once the malware somehow gets past all other security measures (this is not explained either) and installs itself on the Exchange server while remaining undetected, then the backdoor malware is able to read hidden commands in email attachments. It seems to me there would have to be a bunch of "what ifs" to take place before a bad guy could actually exploit this vulnerability for nefarious deeds.

I would have to assume too that Microsoft was informed of this vulnerability before this announcement went public now. So hopefully, MS has been able to reproduce it at will, and has already developed and made available the patch for it. We may never know about that.


----------



## Steevo (May 10, 2019)

Bill_Bright said:


> There's some misinformation being presented here.
> 
> Note the article points out that the backdoor malware was hidden in the comments of the Britney Spears photos. Not in the photos themselves. Once the malware somehow gets past all other security measures (this is not explained either) and installs itself on the Exchange server while remaining undetected, then the backdoor malware is able to read hidden commands in email attachments. It seems to me there would have to be a bunch of "what ifs" to take place before a bad guy could actually exploit this vulnerability for nefarious deeds.
> 
> I would have to assume too that Microsoft was informed of this vulnerability before this announcement went public now. So hopefully, MS has been able to reproduce it at will, and has already developed and made available the patch for it. We may never know about that.




We have also had metadata security issues, which can be imbedded into a picture, want to see where this picture was taken? Click and find out......


----------



## R-T-B (May 10, 2019)

Bill_Bright said:


> Note the article points out that the backdoor malware was hidden in the comments of the Britney Spears photos.



Not even malware, but malware control instructions.  Sensationalist?  Yes, quite a bit.  I must've missed that yesterday when I was being offtopic/bad frog.


----------



## cucker tarlson (May 10, 2019)

Vayra86 said:


> Britney Spears of all people. I was in elementary school when that was a thing...
> 
> Dayum time goes fast


I was 13 when she was 18, now I'm 31 and she's 44.


----------



## bbmarley (May 10, 2019)

Quick to point the finger at Kaspersky, What have other AV done about it?


----------



## Bill_Bright (May 10, 2019)

bbmarley said:


> Quick to point the finger at Kaspersky, What have other AV done about it?


It's not about what other programs did. The problem there was Kaspersky was fully aware of the LightNeuron tool way back in Q2 2018 but apparently did nothing about it. Here it is well into Q2 2019 and this threat is making headlines. So yeah, the question is raised - why did Kaspersky sit on a tool for a full year that is known to be used by Russian cyberspies?

Remember, Kaspersky doesn't exactly have a clean history in this area (there are just too many different reports from too many reliable sources for this to be "fake news"!)

Yes, they make good products and the normal home user probably has nothing to worry about. But free-world governments, universities, banks and other organizations (the primary users of Microsoft Exchange) sure need to be wary of those products. Don't forget too, Eugene Kaspersky studied under the KGB.  While he was never an "agent", the ties are well documented. 

Is there a smoking gun? Of course not. Putin and the KGB (and FSK today) don't leave smoking guns lying around - except on purpose.


----------



## dorsetknob (May 10, 2019)

cucker tarlson said:


> and she's 44.


What She's had a Boob job   must see pic's


----------



## cucker tarlson (May 10, 2019)

dorsetknob said:


> What She's had a Boob job   must see pic's


I'll pass


----------

