{"id":4386,"date":"2017-10-09T12:07:11","date_gmt":"2017-10-09T12:07:11","guid":{"rendered":"http:\/\/musilda.cz\/?p=4386"},"modified":"2017-10-09T12:07:11","modified_gmt":"2017-10-09T12:07:11","slug":"mason-soiza-muz-ktery-stoji-za-backdoor-kodem-pluginu-display-widgets","status":"publish","type":"post","link":"https:\/\/affinite.io\/cs\/mason-soiza-muz-ktery-stoji-za-backdoor-kodem-pluginu-display-widgets\/","title":{"rendered":"Mason Soiza: The Man Behind the Backdoor Code in the Display Widgets Plugin"},"content":{"rendered":"

A little late, but here it is. The article about the backdoor code discovered in the popular Display Widgets plugin mentioned the name Mason Soiza. And because I promised you more details about this man, here they are.<\/p>\n

Describing all of Soiza's shady activities would fill a small book. The young man has been actively spamming for quite a long time, and over the past 5 years he has released a total of 9 dubious WP plugins. Let's focus, however, on his latest stunt, in which he placed the Display Widgets plugin with backdoor code in the repository four times in a row.<\/p>\n

Mark Maunder of the Wordfence team set out to investigate Soiza. He contacted the original author, Stephanie Wells, who willingly gave him further details about the transaction.<\/p>\n

In short: Soiza contacted the plugin's author, saying he would save her a lot of trouble and take care of further development. He offered her USD 15,000 and promised her the moon, including that he would take royal care of the user base. And so he did, when he later inserted backdoor code into the plugin. Everyone seems to have a slightly different idea of customer support. Could Soiza be trying to set a new standard? \ud83d\ude42<\/p>\n

The payment was made via PayPal from the e-mail address pp@linkrocket.net. The first update, to version 2.6.1, took place on June 21, and for context: at that time the plugin was used by more than 200 thousand users. Calvin Ngan was the first to report the spam. More precisely, payday loan spam, which is a very important finding given the facts described below.<\/p>\n

Meet Mason Soiza<\/h2>\n

The contract that Stephanie Wells received was signed by Mason Soiza. The company name tied to this contact is Soiza Limited of Jubilee Cottage, Nottingham, England, NG122LS.<\/p>\n

According to the company register, the sole owner of the company is Mason Reece Soiza, born in 1994, a British citizen. Occupation: computer programmer (or rather spammer?).<\/p>\n

The e-mail address Soiza used in the correspondence is pp@linkrocket.net. If you look at the linkrocket.net website, you will find only a logo there. But it is enough to look in the archives from May 2014: the site listed three contact e-mail addresses in total. And if you enter one of them, mason@linkrocket.net, into Google, you arrive at a number of social profiles, including a LinkedIn profile with a photograph (it is no longer on the profile, but Maunder took a screenshot).<\/p>\n

On his LinkedIn profile, Soiza presents himself as CEO of Payday Loans Now since 2014. If you look at the website www.paydayloansnow.co.uk, you will find plenty of information there, including the registration numbers of several companies. The important point is that Soiza's company sells financial services provided by Quint Group Limited.<\/p>\n

Soiza's activities are extensive. He runs, for example, the website www.unsecuredloans4u.co.uk, but also www.cityofescorts.co.uk, which he promoted with spam through another WordPress plugin, 404 to 301. According to Whoisology, Soiza's e-mail addresses also lead to the websites onlineblackjackexpert.net and 0xd0d78w2.info, the latter of which Google lists as a source of malware. Before Google blocked the site, it displayed a message that your computer had been infected by malicious software, along with a phone number for a \u201cMicrosoft\u201d line.<\/p>\n

Soiza's Business Is Evidently Doing Well<\/h2>\n

If you look at Soiza's public Facebook profile, you will conclude that he is not doing badly at all. In May of this year he attended the Grand Prix in Monaco, and in April he was at the Dead Rabbit bar in NY, where a cocktail costs around USD 16.<\/p>\n

Last year, a user named Mason Reece Soiza posted a photo of a Ferrari 458 Italia with the license plate MA52SON on a forum. Users described him as an \u201cidiot driver\u201d.<\/p>\n

All in all, Mason Soiza is active in various spheres of internet business and seems to be ashamed of nothing. He operates mainly in loans, escort services and gambling, which evidently earns him decent money. He was active on many black hat internet forums, including BlackHatWorld.com, where he was banned.<\/p>\n

Is this the end of the story? Probably not, because people like Soiza always surprise with something new.<\/p>\n","protected":false},"excerpt":{"rendered":"

A little late, but here it is. The article about the backdoor code discovered in the popular Display Widgets plugin mentioned the name Mason Soiza. And because I promised you more details about this man, here they are. Describing all of Soiza's shady activities would fill a small book. The young man has been actively spamming for quite a long time, and over the past 5 years<\/p>\n","protected":false},"author":1,"featured_media":4306,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[30],"tags":[],"class_list":["post-4386","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-wordpress"],"_links":{"self":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/4386"}],"collection":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/comments?post=4386"}],"version-history":[{"count":0,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/4386\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media\/4306"}],"wp:attachment":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media?parent=4386"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/categories?post=4386"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/tags?post=4386"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}