The threat group took advantage of the ability to create profiles and post in forums to embed encoded Command-and-Control (C&C) for use with a variant of the malware BLACKCOFFEE. However, TechNet’s security was in no way compromised by this tactic.
Read more here – https://www.fireeye.com/blog/threat-research/2015/05/hiding_in_plain_sigh.html