Hello and welcome to the Thursday, March 2nd, 2023 edition of the Sandsenet Storm Center's

Stormcast. My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

Savier today found a Python script bringing back memories. This Python script steals information from gamers.

I remember some of the very early pieces of malware that I've been sort of working on many,

many years back, that were often referred to as gold farming, where you had at hackers

stealing virtual goods, for example, from World of Warcraft

was the big thing back then. Now, World of Warcraft was also one of the pioneers as a result

when it came to two-factor of the occasion. This script uses Telegram as a command control channel and then essentially searches your system for credentials and other information regarding several games.

Minecraft is targeted here, but also the platform Steam, which of course can be used for various other games and other domains and

such are being intercepted in order to steal users' data. The exact monetization here isn't quite

clear just from the malware itself, but online gaming credentials are valuable. They are being

traded and often then again, just like in the old days with World

of Warcraft, you may find, for example, virtual goods being removed from accounts or the accounts

themselves being used for the status they have in the game.

And first, DNS abuse special interest group came up with an interesting DNS abuse techniques

matrix.

The document was actually released a while ago.

I sort of forgot about it, but was just reminded about it again by a news article.

What I find interesting about this document is that it gives you a very

thorough list of how DNS may be abused. They list about 21 techniques and its attacks against,

for example, your DNS infrastructure against registrar, but also the use of DNS, for example,

as a command control channel. And then for each one of these threats, they're then listing

...