Malware authors use Pastebin to host code backdoor, αναφέρει ο ερευνητής Denis Sinegubko.
The code-sharing website was used to host the malicious code that was later used in attacks against the WordPress platform websites that ran the popular RevSlider plugin.
Ο Sinegubko, is an employee of Sucuri and is known as a whitehat malware analyst blog Unmaskparasites. The researcher said the use of Pastebin as a remote malcode server in many live attacks has been found to be very common.
"Technically, criminals are using Rastebin for what it was created for - to share the creation of code. Only the code is malicious, and usesengage in illegal activities directly from the Pastebin website..
"This time we see a relatively massive use of Rastebin in live attacks, which is quite new to us."
The code injects the contents of a Base64 encoded variable into the $ temp of WordPress core wp-links-opml.php and the file runs immediately. Using the wp_nonce_once parameter has hidden the malicious paste address in an attempt to prevent Pastebin from blocking or deleting the malicious code. This gave him more flexibility to execute any code snippet.
It was a warning for the malware-busting community not to share malcode in Rastebin as this could serve as a convenient server for attackers.
Pastebin works just fine as it allows malicious users to download code in RAW format. It was so effective that an Indonesian hacker "FathurFreaks" of Yogyakarta BlackHat wrote PHP Encryptor.
Οι περισσότερες εταιρείες δεν έχουν κανένα νόμιμο λόγο να επιτρέπουν την access on Pastebin, σύμφωνα με τον Kevin Fielder της RSA. Τον Απρίλη του 2013 ανέφερε σχετικά για ένα κακόβουλο λογισμικό που χρησιμοποιούσε το Pastebin για να πετάξει εκτελέσιμα Base64 σαν κείμενο στην ιστοσελίδα που χρησιμοποιήθηκε στη συνέχεια σαν malware που κλέβει κωδικούς access. Fielder found that the malware was decoding the text inside his sandbox.
"In the end, exclude Pastebin, as there is no valid use of the site by a company that will not pose a significant risk," he said. at that time.
"If you can not rule it out, you have to watch out for it coming down and what was asked."
