Lurking Malice in the Cloud

Talk about internet security, computer security, personal security, your social security number...
Post Reply
morganism
Senior Member
Posts: 116
Joined: Tue Nov 26, 2013 9:44 pm

Lurking Malice in the Cloud

Post by morganism » Tue Oct 18, 2016 9:36 pm

Interesting, they are using separate containers, and only assemble a package right before delivery.

http://sciencebulletin.org/archives/6542.html

Xiaojing Liao, et al., “Lurking Malice in the Cloud: Understanding and Detecting Cloud Repository as a Malicious Service,” ACM Conference on Computer and Communications Security (CCS).
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20130410 Firefox/23.0

barbaz
Senior Member
Posts: 9280
Joined: Sat Aug 03, 2013 5:45 pm

Re: Lurking Malice in the Cloud

Post by barbaz » Tue Oct 18, 2016 10:29 pm

Apparently I'm not techie enough to fully understand that article. Would these these cloud services be like, Github type stuff, Google Drive type stuff, or what?

I get that the evil-doers are splitting up the malware among different storages. But what's the other thing it says they're doing? And how would I, as a normal user, spot it?
*Always* check the changelogs BEFORE updating that important software!
-

User avatar
Thrawn
Senior Member
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: Lurking Malice in the Cloud

Post by Thrawn » Thu Oct 20, 2016 11:08 pm

It's not as sensational as the first line suggests, "10 percent of the repositories hosted by them had been compromised". The main point of the article is that malware authors are cloud-hosting their malware instead of self-hosting it.

The fact that they can split malware into pieces that individually look innocuous is interesting, but mostly relevant for antivirus and similar products. A strong NoScript policy will work the same way as usual.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:49.0) Gecko/20100101 Firefox/49.0

Post Reply