Toxic
June 14, 2017 1:50 PM

According to a report published Tuesday by researchers from antivirus provider Eset, a recently discovered backdoor Trojan used comments posted to Britney Spears's official Instagram account to locate the control server that sends instructions and offloads stolen data to and from infected computers. The innovation—by a so-called advanced persistent threat group known as Turla—makes the malware harder to detect because attacker-controlled servers are never directly referenced in either the malware or in the comment it accesses.
posted by Chrysostom (21 comments total) 18 users marked this as a favorite
 
those comment feeds are a mystery to me. thousands of people posting comments at a pace so quick no one can read them, on a service that ensures you will never find your own comments again. Is the act of commenting somehow inherent into the human condition? Is there a need to shout "You are my princes of Pop forever i love you my love ❤❤❤❤❤🎂🎂🎂🌸🌸🌸🌸" into the void?
posted by rebent at 2:40 PM on June 14, 2017 [5 favorites]


She's toxic.
posted by sexyrobot at 2:44 PM on June 14, 2017 [7 favorites]


She's toxic.

Viral?
posted by Fizz at 2:48 PM on June 14, 2017


1. Does this rely on infected users being fans of Britney Spears?

2. Is 45 a fan of Britney covfefe
posted by adept256 at 2:51 PM on June 14, 2017


Oops, I did it again. . . .
posted by gsh at 2:54 PM on June 14, 2017 [1 favorite]


Object Oriented Programming did it again?
posted by adept256 at 2:57 PM on June 14, 2017 [4 favorites]


Leave britney alone!!!
posted by lalochezia at 2:57 PM on June 14, 2017 [11 favorites]


This story is at least 6 days old.
posted by spock at 3:52 PM on June 14, 2017


It's not a scoop, not yet a legend.
posted by grumpybear69 at 4:02 PM on June 14, 2017 [5 favorites]


The innovation—by a so-called advanced persistent threat group known as Turla—makes the malware harder to detect because attacker-controlled servers are never directly referenced in either the malware or in the comment it accesses.

I would have thought the idea was to make the C&C burn-able, to weaken that link back to the attackers. Does this somehow also make the client infection harder to find?
posted by Western Infidels at 4:06 PM on June 14, 2017 [1 favorite]


spock: "This story is at least 6 days old."

I'm afraid I don't understand this complaint.
posted by Chrysostom at 4:07 PM on June 14, 2017 [14 favorites]


I would have thought the idea was to make the C&C burn-able, to weaken that link back to the attackers. Does this somehow also make the client infection harder to find?

If the malware has to connect directly to sketchy-site.horse to check for orders, you can detect an infection by just looking at your network traffic. But if the malware's just reading facebook, well that's the same kind of traffic lots of people do normally.
posted by aubilenon at 4:29 PM on June 14, 2017 [5 favorites]


If the malware has to connect directly to sketchy-site.horse to check for orders, you can detect an infection by just looking at your network traffic.

My reading of this description is: the malware checks Instagram to see if it should connect to sketchy-site.horse or sketchy-site.beaver or whatever. Then it does indeed connect, albeit thinly disguised by bit.ly. Maybe I'm mistaken, this isn't my field at all.

That connection to bit.ly will show up in a log; I think the forward it produces will also. No? If passing through bit.ly is enough to disguise the client, then why doesn't it just connect to bit.ly explicitly?
posted by Western Infidels at 6:17 PM on June 14, 2017 [1 favorite]


If passing through bit.ly is enough to disguise the client, then why doesn't it just connect to bit.ly explicitly?

My understanding is that this lets them change the URL on the fly. So if sketchy-site.horse (or the bit.ly link to it) gets blocked, they just post a new comment which the malware will decode for a new URL.
posted by airmail at 7:23 PM on June 14, 2017 [2 favorites]


That connection to bit.ly will show up in a log; I think the forward it produces will also. No?

Yes. The forwarding just instructs the browser to connect to a new URL.
posted by WaylandSmith at 7:47 PM on June 14, 2017 [1 favorite]


#2spooky4me #surreal
This is the #cyberpunk future we were promised.
What I find fascinating is how well the comment with the address encoded in it blends in with the other comments. The comment section for Britney's Instagram is, admittedly, a pretty low bar for a Turing test, but it does make me wonder how it was generated. Since the program IDs it by hashing the comments, they must be #Generating thousands of random comments until they get a hash collision. The numbers and capital letters look like they might be pulled from a dictionary of appropriate hashtags, and the lowercase #Letters in the URL get encoded by adding the Zero Width Joiners to the main comment text, which might be from some kind of pervy Markov chain or could be copying from previous comments and #adding in 'typos' to make sure it includes all of the right characters. #9
posted by metaphorever at 9:47 PM on June 14, 2017 [3 favorites]
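One way a defender could hunt for this kind of comment in a scraped feed, as an added example that is not from the thread or from the ESET report: it assumes the hidden character immediately follows each zero-width joiner, ignores the joiners that legitimately glue emoji together, and runs over a constructed sample feed.

```python
# Added example (not from the thread or the ESET report): a small scanner that
# flags social-media comments carrying zero-width joiners placed before ordinary
# ASCII characters, the trick the thread describes for hiding a short-URL path in
# a comment. Assumption: the hidden character immediately follows each joiner.
ZWJ = "\u200d"
OTHER_ZERO_WIDTH = ("\u200b", "\u200c", "\u2060", "\ufeff")


def marked_chars(comment: str) -> str:
    """Return the ASCII alphanumerics that directly follow a ZWJ.

    A ZWJ between two emoji (family or profession sequences) is normal
    Unicode and is ignored; a ZWJ glued to a plain letter or digit is not."""
    hidden = []
    for i, ch in enumerate(comment):
        if ch == ZWJ and i + 1 < len(comment):
            nxt = comment[i + 1]
            if nxt.isascii() and nxt.isalnum():
                hidden.append(nxt)
    return "".join(hidden)


def is_suspicious(comment: str) -> bool:
    """True when the comment carries a ZWJ-marked ASCII payload or other
    invisible code points that no keyboard produces."""
    if marked_chars(comment):
        return True
    return any(cp in comment for cp in OTHER_ZERO_WIDTH)


def scan(comments):
    """Return (index, hidden_string, visible_text) for every flagged comment."""
    results = []
    for idx, c in enumerate(comments):
        if is_suspicious(c):
            visible = c.replace(ZWJ, "")
            for cp in OTHER_ZERO_WIDTH:
                visible = visible.replace(cp, "")
            results.append((idx, marked_chars(c), visible))
    return results


# Constructed sample feed: one benign gushing comment, one with a legitimate
# emoji ZWJ sequence, and one carrying a made-up marked payload "qp4BX".
SAMPLE_COMMENTS = [
    "You are my princess of Pop forever i love you",
    "love u and the fam \U0001F468\u200d\U0001F469\u200d\U0001F467",
    "you are my \u200dqueen of \u200dpop \u200d4ever \u200dBritney \u200dX",
]

if __name__ == "__main__":
    for idx, hidden, visible in scan(SAMPLE_COMMENTS):
        print(f"comment {idx}: hidden={hidden!r} visible={visible!r}")
```

The matching step the thread mentions (the malware hashing each comment to pick the right one) is not reproduced here because the thread does not give the hash, so the scanner flags on invisible code points alone.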


That connection to bit.ly will show up in a log; I think the forward it produces will also.

Sure but they don't have to even post anything to instagram until they're ready to send out a command, right?
posted by aubilenon at 10:23 PM on June 14, 2017


is the act of commenting somehow inherent into the human condition?

Perhaps Language is the virus
posted by eustatic at 10:41 PM on June 14, 2017


Leave Britney alone!
posted by PenDevil at 12:36 AM on June 15, 2017




posted by metaphorever

Eponysterical doesn't even begin to describe this comment
posted by OverlappingElvis at 9:42 AM on June 15, 2017 [1 favorite]

