Hello, welcome to the Friday, July 30th, 2021 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich.

And I'm recording from Jacksonville, Florida.

Most malware will download additional components after installing itself or after being installed by a user.

And that's often the weak point for this malware and gives an opportunity for a defender to detect the malware.

If, for example, it uses an odd domain name or an unusual URL to download the particular second stage or additional stages

from.

So attackers are always looking for benign websites to add their malicious content to.

And Xavier came across an interesting example where an attacker used Archive.org, the wayback machine,

as it's also known as, to deposit malicious scripts. And of course, the attacker is expecting

that a defender won't really be too suspicious about a user visiting archive.org. This particular attacker did upload a large number of files

to archive.org, so likely multiple campaigns or maybe different attempts in how to exactly do it.

Now, with this, there's also a little bit information that's being deposited about the attacker

on Archive.org, like for example an email address for the account that the attacker set up

to be able to upload files.

But what is what he tells you is there are no safe or unsafe websites.

Any website that allows average average user just by signing up for a free account to upload files

can easily be abused to distribute matter.

And researchers from the University of Turku in Finland did run a static code analysis tool that they call banded against the Python package index or Pi Pi. In total, they looked at 197,000 packages and then looked at, well, what vulnerabilities their static code analysis tool

would uncover. Static code analysis, of course, is not perfect, but should give you a

reasonable idea as to the code quality. I actually think it wasn't really that bad. About

half of the packages had no vulnerabilities and only about 12 or so percent

...