Hello, welcome to the Monday, July 16th, 2018 edition of the Sands and at Storm Center's Stormcast. My name is Johannes Ulrich, and today I'm recording from Washington, D.C.

Just a quick follow-up on the extortion emails. Looks like some of the victims actually paid. We got a hold of about a dozen or so samples right now,

and I think we found four Bitcoin addresses that have received funds. Now, a couple of these

addresses have received more than one payment, kind of suggesting that the addresses

were reused for different victims.

As a little site project that came out of polling the Bitcoin addresses via blockchain.

Dotinfo, Did he wrote a quick tutorial about how to use command line tools like JQ to parse JSON formatted data,, how to extract blocked Bitcoin addresses from email.

That's probably a good indicator to look for some malicious emails like these extortion emails.

Xavier ran into yet another cryptojacking exploit.

In this case, existing JavaScript on a compromised WordPress

site was modified to include the cryptojacking JavaScript. Usually we just have additional

script tags being added, but here they actually just sort of appended it to existing JavaScript.

Also, Xavier found that the JavaScript was not well recognized now by Virus Total or by the

scanners that are represented by Virus Total back when the script hit on Friday.

I hope that by now things look a little bit better but the sample of course

was heavily obfuscated when we're talking about search engines for the

internet of things we usually refer to Shodan the probably best known

search engine that catalogs various systems exposed on the internet.

However, Shodan isn't the only one.

Zoom-Eye, a similar system to scan the internet for open ports,

appears to have pushed the ethical boundaries of such scans even further.

Researchers from security firm New Sky found out that Sumai enumerated passwords for devices

...