The Jihadist Repertoire Expands
A further look into the recently more active jihadist hacking forum has turned up a bunch of interesting data. It seems that our erzats foes have been using a group of trojans for their nefarious desires. So far, I have found at least 3 differing trojan makes including the above pictured Turkojan4.
Sword Azzam has been cranking out the “how to” videos and r3p has been creating his own brand of software as well as pointing out other tools to use. It seems though, that Azzam is the ring leader on this but really I see no need to really fear him. Most of his tools and his techniques are old and dated. I see nothing here about 0day or any of the more technical *nix OS’ nor exploits.
What I see mainly is just script kiddie use of windows malware…
Anyway, one of the more interesting things was no-ip, a managed DNS client/service that Azzam configures on video. This service is being used by Azzam to forward traffic I assume for his bots/malware as I know he has a dynamic IP address in Jordan.
In the end, Azzam was very helpful about teaching his little tricks. However, he was better at giving me a good idea of where he lives and what hardware he has.
I will be doing the forensics soon on the files to see what metadata there is as well as lo oking for more posts from these guys. Frankly though, one gets tired of the tedious “allahuackbar” crap that they keep spewing after each post.. For pages and pages of posts! Brevity, just isn’t their thing it seems.
On another note, all of the malware that I have downloaded thus far are easily detected by AV, so anyone with even a passing version of “avast” like the one Azzam uses on his box, should be able to stop these attacks off the bat.. That us unless they set the ignore on the AV, which, I saw him do in the tutorial.
Meh… Old tech and no finesse…
More when I have it.