This post requires a lot of context to make sense out of. Unless you are in the security space and familiar with what happened last 36 hours, it probably won't make much sense quickly.
1) Microsoft has a critical flaw in DNS server
2) A security company publishes the info - no public exploit available at this point
3) Someone creates a fake exploit - playing a prank on hackers and other security companies
4) Lots of people ran the prank code or helped spread the existence of the fake exploit
Not sure if this makes it easier to understand- at least I tried. :)
That's my take. Just random garbage. There is a thread of something in there, but I don't have the time/ energy to quite get it. Something about a fake hack, Rickrolling, and piping curl to the shell. Beyond that I gave up because it's too poorly organized.
It's a brand new vuln so people would be interested in a proof of concept. The author created a git repo that was nominally a PoC exploit for this vulnerability but was really just a troll, and publicized it on twitter.
Some people ran the "proof of concept" code without reading it first and got trolled. If the author had been malicious they could have done something much worse than rickrolling.
The repo also contains a real fix for the vulnerability.
This is a particularly "amusing" troll because the sort of people who keep up with CVEs and look for proof-of-concept exploits should really know better than to run random code they just got off GitHub without checking what it does.
It's obvious with the most cursory examination of the code in the repo that you shouldn't run it, exploit.sh contains:
Took one glance at the shell script piping curl to bash and red flags went up everywhere! Not only piping curl to bash, but doing it via a bit.ly link. Then Twitter and the media started to pick it up and pass it on unverified. I should have been shocked, but I wasn't. I'd love to see the bit.ly stats for the short URLs added to the article.
I'm sure people are stupid, I've seen it myself too many times to count, but how does he know that these weren't executed in a VM? A couple hundred shells isn't so much that I'd rule out that some non-trivial fraction of them were under analysis.
I imagine the reason this doesn't happen too often in serious domains is because the next time the person says/posts anything, will they be believed without checking their claims? Of course, in security, this may even be a good thing?(!) :-)
I think the interesting thing here is that outlets like Vulcan picked it up and wrote about it with authority. Linking to the repo from these "trusted" sources likely gave it a lot more credibility than it would otherwise have received.
I was unable to scroll this article on mobile to read it. It seems like it could be interesting, but it’s too bad about the technical obstacles to doing so.
1) Microsoft has a critical flaw in DNS server
2) A security company publishes the info - no public exploit available at this point
3) Someone creates a fake exploit - playing a prank on hackers and other security companies
4) Lots of people ran the prank code or helped spread the existence of the fake exploit
Not sure if this makes it easier to understand- at least I tried. :)