While keen to point out that Microsoft's TechNet portal security was "in no way compromised" by the tactic, researchers with security outfit FireEye discovered that a well-established China-based hacking campaign called Deputy Dog had managed to create profiles and posts on TechNet that contained embedded command-and-control (C2) information for use with a BlackCoffee malware variant.

This method of hiding in plain sight is nothing new, but it can make detection problematic: the data, especially on a technical forum such as TechNet, is simply 'lost' in a sea of similar-looking code posted by genuine users of a well-respected, and therefore assumed-to-be-safe, site.

The technique may, however, have backfired now that it has been detected. The FireEye researchers have been working with the Microsoft Threat Intelligence Center to inject their own data onto some of those TechNet pages and use this to gain insight into how the malware, and the people behind it, operate. Ultimately, this will make both the identification of infected systems and their cleansing much easier.

Tim Erlin, Director of Product Management at Tripwire, warns that while using a legitimate website to distribute malicious data is nothing new, "the addition of obfuscation here is a twist that makes detection just that much harder", and points out that "any website that allows for public comments to be submitted is already monitoring for abuse, but they can only detect what they're actually looking for. Now that this technique has been surfaced, website administrators will adapt to identify it, and the criminals will have to shift again to avoid detection."
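To make Erlin's point concrete from the site operator's side, here is an added example (not code from FireEye, Microsoft or the article) of the kind of abuse-scanning pass a forum could run over profile and post text. It assumes a hypothetical, constructed encoding scheme in which the dropped C2 indicator is an IPv4 address with an optional port, written as base64 or hex text; the real BlackCoffee encoding is not described on this page and is not reproduced here. The sample posts and author names are constructed for the example.

```python
import base64
import ipaddress
import re

# Constructed sample posts standing in for forum profile/signature text.
# None of this is real TechNet content; the encoded tokens are built here
# so the scan has something to find (hypothetical encoding scheme).
B64_DROP = base64.b64encode(b"203.0.113.45:8080").decode()
HEX_DROP = b"198.51.100.7:443".hex()

SAMPLE_POSTS = {
    "user-1001": "Hi all, having trouble with Group Policy on Server 2012, any tips?",
    "user-1002": f"Thanks for the help! Signature: {B64_DROP}",
    "user-1003": "Use Get-ChildItem -Recurse | Where-Object { $_.Length -gt 1MB }",
    "user-1004": f"profile notes: {HEX_DROP} -- ping me on the forum",
    "user-1005": "SGVsbG8gd29ybGQ= is just 'Hello world' in base64, nothing to see here",
}

# Candidate tokens: base64-ish or hex-ish runs long enough to carry an
# address. Ordinary words will match too; the decode step filters them out.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{8,}={0,2}")
HEX_TOKEN = re.compile(r"\b[0-9a-fA-F]{14,}\b")
# Decoded payload treated as an indicator: dotted quad, optional :port.
ADDR = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?$")


def decodings(token):
    """Yield (scheme, text) for every way the token plausibly decodes."""
    try:
        padded = token + "=" * (-len(token) % 4)
        yield "base64", base64.b64decode(padded, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        pass
    if len(token) % 2 == 0 and HEX_TOKEN.fullmatch(token):
        try:
            yield "hex", bytes.fromhex(token).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            pass


def decode_indicator(text):
    """Return (ip, port) if the decoded text is a valid IPv4[:port], else None."""
    m = ADDR.match(text.strip())
    if not m:
        return None
    try:
        ip = ipaddress.IPv4Address(m.group(1))
    except ValueError:  # e.g. an octet above 255
        return None
    port = int(m.group(2)) if m.group(2) else None
    if port is not None and not 0 < port < 65536:
        return None
    return str(ip), port


def scan_post(text):
    """Return findings for one post as (token, scheme, ip, port) tuples."""
    findings = []
    tokens = set(B64_TOKEN.findall(text)) | set(HEX_TOKEN.findall(text))
    for token in sorted(tokens):
        for scheme, decoded in decodings(token):
            hit = decode_indicator(decoded)
            if hit:
                findings.append((token, scheme, hit[0], hit[1]))
    return findings


def scan_posts(posts):
    """Map author -> findings, keeping only authors with at least one hit."""
    report = {}
    for author, text in posts.items():
        hits = scan_post(text)
        if hits:
            report[author] = hits
    return report


if __name__ == "__main__":
    for author, hits in scan_posts(SAMPLE_POSTS).items():
        for token, scheme, ip, port in hits:
            print(f"{author}: {scheme} token {token!r} decodes to {ip}:{port}")
```

The design point is the one Erlin makes: the scanner only finds what it is written to look for. A genuine base64 string in a legitimate post ("Hello world") passes, while anything that decodes to an address is surfaced for a moderator to review rather than auto-removed, since technical forums legitimately contain addresses and encoded blobs.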

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.
