Malware writers use Pastebin to host backdoor code, researcher Denis Sinegubko says.
Η code-sharing by clicking here χρησιμοποιήθηκε για να φιλοξενήσει τον κακόβουλο κώδικα που αργότερα χρησιμοποιήθηκε σε επιθέσεις εναντίον ιστοσελίδων της πλατφόρμας WordPress που έτρεχαν το δημοφιλές plugin RevSlider.
Ο Sinegubko, is an employee of Sucuri and is known as a whitehat malware analyst blog Unmaskparasites. The researcher said the use of Pastebin as a remote malcode server in many live attacks has been found to be very common.
"Technically, criminals use Rastebin for the reason it was created - to share the creation of a code. Only the code is malicious, and is used in illegal activities directly from the Pastebin website.
"This time we see a relatively massive use of Rastebin in live attacks, which is quite new to us."
The code injects the contents of a Base64 encoded variable into the $ temp of WordPress core wp-links-opml.php and the file runs immediately. Using the wp_nonce_once parameter has hidden the malicious paste address in an attempt to prevent Pastebin from blocking or deleting the malicious code. This gave him more flexibility to execute any code snippet.
It was one warning for the malware-busting community not to share malcode on Rastebin as doing so could serve as a convenient server for attackers.
Pastebin works just fine as it allows malicious users to download code in RAW format. It was so effective that an Indonesian hacker "FathurFreaks" of Yogyakarta BlackHat wrote PHP Encryptor.
Most Companies have no legitimate reason to allow access to Pastebin, σύμφωνα με τον Kevin Fielder της RSA. Τον Απρίλη του 2013 ανέφερε σχετικά για ένα κακόβουλο λογισμικό που χρησιμοποιούσε το Pastebin για να πετάξει εκτελέσιμα Base64 σαν κείμενο στην ιστοσελίδα που χρησιμοποιήθηκε στη συνέχεια σαν malware που κλέβει κωδικούς πρόσβασης. Ο Fielder εντόπισε ότι το κακόβουλο λογισμικό έκανε αποκωδικοποίηση του κειμένου μέσα στο sandbox of.
"In the end, exclude Pastebin, as there is no valid use of the site by a company that will not pose a significant risk," he said. at that time.
"If you can not rule it out, you have to watch out for it coming down and what was asked."
