Bb.txt Instant
Unlike common malware that uses random strings, BusyGasper used a deceptively simple naming convention for its components on the infected device's FTP server. Among a list of system-looking files like privapp.txt and supersu.cfg , was found to be a BusyBox v1.26.2 ELF file . By masquerading as a text file, bb.txt aimed to:
BusyBox is a "Swiss Army Knife" of Linux commands, allowing the spyware to perform complex file operations and data exfiltration once the "text" file was executed as a binary. 3. Lessons for Sysadmins bb.txt
Always verify file types using the file command in Linux (e.g., file bb.txt ) rather than relying on the suffix. Unlike common malware that uses random strings, BusyGasper
Comparing the contents of two files ( diff aa.txt bb.txt ) to spot code changes. The "Good" bb.txt: The Developer’s Scratchpad
In 2018, security researchers at Kaspersky's Securelist uncovered a sophisticated Android spyware campaign dubbed .
In the world of coding and system administration, we often use "dummy" files like test.txt , aa.txt , and bb.txt . They are the "John Does" of our file systems. But sometimes, a generic name hides a much darker purpose. Today, we’re looking into the strange case of . 1. The "Good" bb.txt: The Developer’s Scratchpad
Regarding the patch in the DeployWiz_SelectTS.vbs script, for MDT build 8443 you will have to add an extra line; in “Function ValidateTSList”, after the line that says “Dim oTS” add the following:
Dim sCmd
Dim oItem
Set oShell = createObject(“Wscript.shell”)
The two lines at the bottom are as in MDT 2013 Update 2.
Kudos on this workaround goes to Ward Vissers in “MDT Build 8443 Automatically move computers to the right OU” (http://www.wardvissers.nl/2016/12/29/mdt-build-8443-automatically-move-computers-to-the-right-ou/).
Thanks a lot for your article!
— Javier Llorente
Thanks for this Javier!
Has anyone tried this same fix in MDT Build 8456? I’m working on updating my MDT to the latest install and I’m having issues getting the TS Selection to work like it did previously with this fix in place.